Version Control for IAM

IAMbic is a multi-cloud identity and access management (IAM) control plane that centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in version control.

Get Started
template_type: NOQ::AWS::IAM::Role
identifier: '{{account_name}}_backend_developer'
included_accounts:
  - '*'
excluded_accounts:
  - compliance
properties:
 description:
   - description: Backend developer role for {{account_name}}
 assume_role_policy_document:
   statement:
     - action:
         - sts:AssumeRole
         - sts:TagSession
       effect: Allow
       principal:
        aws:arn:aws:iam::123456789012:role/ ExampleRole
   version: '2012-10-17'
 inline_policies:
   - policy_name: s3_policy
     statement:
       - # Policy applies to role on all accounts except `customer_data`.
         excluded_accounts:
           - customer_data
         effect: allow
         action:
             - s3:GetObject
             - s3:ListObject
         resource:
             - "*"
         condition:
           StringNotEquals:              
               s3:ResourceTag/sensitive: 'true'  
       - # Allow write access to non-sensitive resources on the dev account          
         included_accounts:
          - dev
        effect: allow
        action:
            - s3:PutObject
        resource:
            - "*"
        condition:
              StringNotEquals:
                  s3:ResourceTag/sensitive: 'true'
role_name: '{{account_name}}_backend_developer'
tags:
  - key: owner
    value: devops
template_type: NOQ::Okta::App
idp_name: development
properties:
 name: Salesforce
 assignments:
   - user: username@example.com
     expires_at: 2023-09-01T00:00 UTC
   - group: salesforce_users@example.com
 status: ACTIVE
template_type: NOQ::Okta::Group
idp_name: main
properties:
 name: engineering_interns
 description: Engineering Interns
 members:
   - username: intern1@example.com
     expires_at: 2023-09-01
   - username: intern2@example.com
     expires_at: 2023-09-01
template_type: NOQ::AzureAD::Group
idp_name: development
properties:
 name: iambic_test_group
 description: A test group to use with IAMbic
 members:
   - name: user@example.com
     data_type: user
     expires_at: tomorrow

Identity Goes Beyond Access

One Common Format

IAMbic (IAM, but in code) maintains an updated and organized copy of your cloud identities and permissions in a human-readable format in Git. It then reflects your desired changes back to the cloud.

Flexible Permission Control

IAMbic makes it simple to manage conditional permissions across your cloud environment. With IAMbic, you can quickly set up temporary access, emergency break-glass authorizations, or custom permissions that fit your specific needs.

As Code, and Open Source

Manage your IAM like you manage your infrastructure - As code, open source, and with familiar tools. IAMbic brings the same version control, automation, and collaboration capabilities that developers expect from your identity management workflows. Your cloud identity is not only secure and compliant but also flexible, scalable, and agile.

How it works

IAMOps

GitOps-driven
Cloud IAM

Manage cloud identities and permissions in a human-readable format with your favorite tools, streamlining access control and provisioning.

1

Make changes locally and create a pull request in Git

2

IAMbic comments on pull request with the change plan

3

Developer iterates until changes look good

4

Get a peer to approve the request

5

Run IAMbic Apply

6

Merge the request

Universal Cloud Identity

IAMbic unifies cloud identity management across AWS, Okta, Google Workspace, and future platforms, simplifying the management process. You can also customize IAMbic to work with your internal authorization providers.

Temporary Access

Define and automate expiration dates for resources, permissions, and access rules, ensuring temporary access doesn't become a security risk.

Dynamic AWS Permissions

IAMbic groups cloud identities into easy-to-understand templates. With AWS, a single template can define a role on multiple accounts, with different levels of permissions, access rules, tags, policies, and more, depending on the account.

IAMbic Keeps Git and Cloud IAM in Sync

IAMbic ensures that Git reflects the current state of your Cloud IAM, even if that IAM is not fully managed by IAMbic. This serves as a reliable artifact for auditing, compliance, and IAM inventory.

With IAMbic, changes made in Git can also be reflected back to your cloud environment. This two-way sync makes it easy to maintain an up-to-date and usable representation of your cloud IAM in Git, and simplifies the process of tracking changes over time.

Resources to get started

Quick-start Guide
Read the guide
Template Examples
Browse Templates
Source Code
View the code
Community Support
Join Our Community

Simplify your cloud permission management

Get Started

Looking for more?

Noq Enterprise takes cloud permission management with IAMbic to the next level with powerful features like zero-standing access, just-in-time credentials, customizable approval flows, automated removal of unused permissions, and virtual guardrails to alert you about risky changes. Plus, periodic access reviews help you stay on top of your entitlements at all times.

Self Service
Unused Permissions Removal
Virtual Guardrails
Access Reviews
Just-In-Time Access

Streamlined self-service permissions, backed by Git

Effortlessly request access to cloud identities, SaaS applications, and fine-grained cloud permissions. Powered by GitOps workflows.

Get Started With Noq

Keep your cloud identity hygiene in check with Noq

Noq simplifies policy management by minimizing the policies attached to your cloud identities. This involves removing redundant and unused permissions, and organizing actions and resources alphabetically.

Get Started With Noq

Automated Security Rules for Your Cloud IAM

Secure your cloud environment with Noq's virtual guardrails - automated security rules codified in the Noq Platform. Enforce various rules across AWS, Google, Okta, and Azure AD, including blocking disallowed services, requiring specific tags, and preventing the use of AWS managed policies.

Get Started With Noq

Keep Your Access Under (Git) Control with Noq's Access Reviews

Noq makes it easy to shift access reviews left. With a full audit trail of access changes over time, you'll know who made changes and when they were made. Noq helps you maintain compliance and manage your cloud identities in one human-readable format.

Get Started With Noq

Convenient and Secure Temporary Cloud Credentials through Noq

Noq generates secure temporary credentials for your cloud identities, linked to the users and groups defined in SSO. With Noq, you can easily configure IP restrictions and conditional session policies to add an extra layer of security based on user or environment context.

Get Started With Noq
FEATURESHOW IT WORKSDOCUMENTATIONget started
© 2022 All Rights Reserved Noq Software, Inc.
 | 
Privacy Policy
 | 
Term & Conditions
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
 Deny Accept