Targe - Open Source IAM Copilot

Targe is an open-source CLI for managing IAM (Identity and Access Management) operations with AI assistance.

DevOps engineers use Targe to configure how employees in their organization access infrastructure resources. Targe simplifies and accelerates granting and revoking access, while supporting custom policy creation — eliminating the need for tedious back-and-forth UI work.

             

How it Works?

1. Configure your cloud credentials to enable Targe to access resources in your infrastructure. Currently, Targe supports only AWS.
2. Start an access flow or use AI to create an access command to fulfill an access request.
3. Preview the access action and complete the access request.

Create an Access Command with AI

Describe the access action you want to perform. For example, "give S3 read-only access to user Omer."

Targe analyzes the request and generates the necessary access command using AI.

Start an Access Flow Manually

You can also manually start any flow to complete an access action.

There are three main flows:

• ~ % targe aws users | Grant or revoke access to/from a user.
• ~ % targe aws groups | Attach or detach a policy to/from a group.
• ~ % targe aws roles | Attach or detach a policy to/from a role.

Let's repeat the example above of granting s3 read-only access to user Omer.

We will use following command to start user flow: ~ % targe aws users.

The user access flow begins by listing the users in the system. Select the user to take action on.

After selecting the user, choose the operation to perform. Let’s attach a policy to user Omer.

In the next step, select the policy you want to attach. You can use "filters" in each section to search what you need.

Finally, preview the access action.

Installation Steps

1. Install Targe CLI:

   brew tap permify/tap-targe
   brew install targe

2. Set Up AWS Credentials:

   Targe requires AWS credentials to be configured in the file ~/.aws/credentials. Follow these steps:

   • Create or open the ~/.aws/credentials file using a text editor:

     nano ~/.aws/credentials

   • Add your AWS credentials in the following format:

     [default]
     aws_access_key_id = your_access_key
     aws_secret_access_key = your_secret_key
     

   • Save the file and exit (in nano, press CTRL + O to save, then CTRL + X to exit).

3. Verify the Configuration:

   Run the following command to confirm the credentials are set correctly:

   aws sts get-caller-identity

   This should return information about your AWS account. If it fails, double-check the credentials file for accuracy.

4. Configure OpenAI API Key

   Run the following command to configure your OpenAI API Key:

   targe config set openai_api_key [your_api_key]

5. Set the Default Region (Optional):

   If your tool requires a specific AWS region, you can set it in the ~/.aws/config file:

   nano ~/.aws/config

   Add:

   [default]
   region = us-east-1
   

   Replace us-east-1 with your desired region.

Communication Channels

If you like Targe, please consider giving us a ⭐