A preflight check to validate the expected identity is bound in the environment.
make
NOTE: you will need curl
, bash
, and jq
installed for the install script to work. It will attempt to install the binary in /usr/local/bin
and will require sudo
access. You can override the install directory by setting the INSTALL_DIR
environment variable.
curl -sSL https://raw.githubusercontent.com/robertlestak/preflight-id/main/scripts/install.sh | bash
Usage of preflight-id:
-aws-arn string
aws arn
-config string
config file to use
-equiv
print equivalent command
-gcp-email string
gcp email
-kube-service-account string
kube service account
-log-level string
log level (default "info")
preflight-id \
-aws-arn arn:aws:iam::123456789012:role/role-name
preflight-id \
-gcp-email my-example@my-project.google.com
preflight-id \
-kube-service-account my-service-account
docker run --rm robertlestak/preflight-id \
-aws-arn arn:aws:iam::123456789012:role/role-name
You can also use a config file rather than cli args.
aws:
arn: arn:aws:iam::123456789012:role/role-name
gcp:
email: example@google.com
kube:
serviceAccount: my-service-account
preflight-id -config config.yaml