Rather than working with ambiguities when writing your IAM policies, Constable produces an easy to work with representation of your policies to help you better manage the intracacies of your entire infrastructure.
Constable reads Terraform planfiles and evaluates their effects before they go live. Know if any changes allow unwanted IAM access, change critical resource properties, or allow inappropriate role transitions
Constable keeps a watch over your sensitive data and resources - S3 buckets, RDS databases, EC2 instances, or any other AWS services. Write straight-forward but powerful rules to be alerted for inappropriate IAM policy access, wrong role assumptions, or changed resource attributes. Rules can be checked both on Terraform plan - before they go live - and nightly to find changes outside of Terraform.
Constable understands and interprets every line of your IAM policy, and gives a digestible output of who can access what. Constable find and verify all role transitions, including between multiple accounts. Constable uses a mathematically proven formal IAM policy model that understands every IAM policy intricacy and then distills that into a understandable summary
All regions, all AZs, all accounts. Constable keeps track of every single resource and all their identifiers (name, id, tag, and ARN). Constable provides an easy-to-use interface to find anything in your AWS environment - search and filter to find the resources you are interested in.
Constable was born out of the realization that writing IAM policy becomes incredibly tedious and difficult as your AWS scale grows. Referencing resources and principals using string matching is extremely error-prone.
Co-founders Karl MacMillan and Nick Stocchero have put their 30+ years of security and expertise with AWS to develop a formal IAM policy model along with an easy to use interface and tooling to help you tame even the most complex and complicated IAM policies.
Speak to the contable team! Fill out this short form and we will get back to you.
info@constableapp.com
+1-630-335-6823