
Joseph TUI


MII: Machine Identity Intelligence — discover and risk-score IAM roles, OIDC federations, and CI/CD tokens across AWS

Released an open-source tool for a problem I kept hitting: no visibility into machine identities.

CyberArk's 2025 report found machine identities outnumber humans 82:1. Every IAM role, every OIDC federation from CI/CD to AWS, every service account — they pile up with no one monitoring them.

MII connects to your AWS account (read-only) and:

- Discovers every IAM role and trust relationship
- Maps them into a directed trust graph
- Scores each one 0-100 (admin permissions, cross-account trust, staleness, etc.)
- Simulates blast paths — "if this identity is compromised, what's the damage?"
- Measures trust debt — unnecessary permissions accumulated over time
- Generates remediation plans with specific AWS CLI commands

Also supports GitLab CI/CD identity discovery (finds OIDC federations to AWS).
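To make the trust-graph, scoring and blast-path ideas concrete, here is a small added example (not MII's own code) that runs over constructed role data: it builds principal-to-role edges from trust policies, scores each role with illustrative weights for admin rights, cross-account trust, OIDC federation and staleness, and walks chained AssumeRole edges from a compromised principal. The account ids, role names, dates and weights are all assumptions.

```python
from datetime import datetime, timezone

OWN_ACCOUNT = "111111111111"                      # constructed account id
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # fixed "today" for staleness

# Constructed sample: role name -> who may assume it, admin flag, last use.
# Principal ARNs follow the real IAM format but are made up for this example.
ROLES = {
    "ci-deploy":    {"trust": ["arn:aws:iam::111111111111:oidc-provider/gitlab.com"],
                     "admin": False, "last_used": datetime(2025, 5, 30, tzinfo=timezone.utc)},
    "prod-admin":   {"trust": ["arn:aws:iam::111111111111:role/ci-deploy"],
                     "admin": True, "last_used": datetime(2025, 5, 29, tzinfo=timezone.utc)},
    "legacy-xacct": {"trust": ["arn:aws:iam::222222222222:root"],
                     "admin": True, "last_used": datetime(2024, 9, 1, tzinfo=timezone.utc)},
    "read-only":    {"trust": ["arn:aws:iam::111111111111:role/prod-admin"],
                     "admin": False, "last_used": None},
}

def principal_account(arn):
    """Account id field of an IAM ARN (index 4 after splitting on ':')."""
    return arn.split(":")[4]

def build_trust_graph(roles):
    """Directed edges principal -> role for every principal allowed to assume it."""
    graph = {}
    for name, r in roles.items():
        for p in r["trust"]:
            graph.setdefault(p, set()).add(f"arn:aws:iam::{OWN_ACCOUNT}:role/{name}")
    return graph

def risk_score(r):
    """0-100 score; the weights below are assumptions chosen for illustration."""
    score = 40 if r["admin"] else 0
    if any(principal_account(p) != OWN_ACCOUNT for p in r["trust"]):
        score += 30                                  # trusted by another account
    if any(":oidc-provider/" in p for p in r["trust"]):
        score += 10                                  # reachable from CI/CD via OIDC
    age_days = (NOW - r["last_used"]).days if r["last_used"] else 10**6
    if age_days > 90:
        score += 20                                  # stale or never used
    return min(score, 100)

def blast_radius(graph, start):
    """Every role reachable by chained AssumeRole from a compromised principal."""
    seen, stack = set(), [start]
    while stack:
        for nxt in graph.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen
```

Running it shows the stale, cross-account admin role scoring highest, while a compromise of the GitLab OIDC provider reaches three roles through the ci-deploy to prod-admin chain.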

Docker Compose for local dev, Terraform for AWS deployment (EC2 + CloudFront).

MIT licensed: https://github.com/josephtui767-cloud/MII

Happy to answer questions about the architecture or methodology.
