preflight-id

A preflight check to validate the expected identity is bound in the environment.

Build

make

Install

NOTE: you will need curl, bash, and jq installed for the install script to work. It will attempt to install the binary in /usr/local/bin and will require sudo access. You can override the install directory by setting the INSTALL_DIR environment variable.

curl -sSL https://raw.githubusercontent.com/robertlestak/preflight-id/main/scripts/install.sh | bash

Usage

Usage of preflight-id:
  -aws-arn string
        aws arn
  -config string
        config file to use
  -equiv
        print equivalent command
  -gcp-email string
        gcp email
  -kube-service-account string
        kube service account
  -log-level string
        log level (default "info")

AWS

preflight-id \
    -aws-arn arn:aws:iam::123456789012:role/role-name

GCP

preflight-id \
    -gcp-email my-example@my-project.google.com

Kubernetes

preflight-id \
    -kube-service-account my-service-account

Docker example

docker run --rm robertlestak/preflight-id \
    -aws-arn arn:aws:iam::123456789012:role/role-name

Config file

You can also use a config file rather than cli args.

aws

aws:
      arn: arn:aws:iam::123456789012:role/role-name

gcp

gcp:
      email: example@google.com

kube

kube:
      serviceAccount: my-service-account

preflight-id -config config.yaml