[HN Gopher] Show HN: Leapp - Multi-cloud credentials tool for de...
___________________________________________________________________
Show HN: Leapp - Multi-cloud credentials tool for developers
Author : andreacavagna
Score : 21 points
Date : 2021-06-30 13:13 UTC (9 hours ago)
(HTM) web link (www.leapp.cloud)
(TXT) w3m dump (www.leapp.cloud)
| toinbis wrote:
| Would love to test it out! Have been evaluating Chamber
| (https://github.com/segmentio/chamber) to solve same/similar
| problem. But Leapp has UI(cool looking!), so it's an obvious
| advantage.
|
| Would be keen to hear what other differences Leapp developers
| would name in comparison to Chamber. Thanks!
| andreacavagna wrote:
| Chamber is a wrapper around AWS Session Manager Parameter
| store.
|
| To make Chamber work, you need a set of AWS Credentials. Leapp,
| by now, manages those AWS credentials and ensure that only
| short-lived credentials will be stored in the ~/.aws files.
|
| Chamber can be a sort of Action of Leapp, like what happens
| with AWS SSM in Leapp, so for each Leapp Session you can, in
| the app, access to an EC2 instance directlly from Leapp,
| without any pem key, via AWS Session Manager System Manager.
|
| So the goals of the 2 tools are a bit different, we work to
| secure and provide access to the Cloud, Leapp is an enabler to
| work in cloud for developers.
|
| If you want to better know what are the goals of the app, refer
| to the Specification
|
| https://github.com/Noovolari/leapp/wiki/specs
| andreacavagna wrote:
| Less than a year ago, my team and I decided to develop an
| essential tool that securely manages programmatic (CLI/SDK)
| access to AWS resources distributed among several Cloud accounts.
|
| Temporary credentials access was a constraint for accessing the
| Cloud in our company, so we decided to build an open-source
| (https://github.com/Noovolari/leapp) tool for every access method
| on your behalf.
|
| Leapp manages different access methods: IAM Users, IAM Roles
| federated with multiple Identity Providers (G Suite, Okta, and
| OneLogin at the time), IAM Role Chained to another AWS entity
| (the cross-account Role access thing), AWS Single Sign-On Roles,
| and Azure Subscriptions by now.
|
| Leapp store securely information of the developers (like AWS
| Access Key and Secret Keys) and generate short-lived credentials
| accessible to any CLI, SKD, and external library.
|
| The idea of the App is to provide the Cloud credentials I need
| only when required. Otherwise, the Cloud Credentials file is
| cleaned and not accessible to any attackers.
|
| We integrate the project with specific services like AWS Single
| Sign-On, the automatic provisioning of the account available to
| access, and AWS System Manager Session Manager to access EC2
| instances directly from the App.
|
| I'm also finalizing the Access to other Cloud providers (Google
| Cloud Platform and Alibaba Cloud) in the following months.
|
| Hundreds of developers are downloading it, and the most common
| reaction is: "It's addictive. I don't want to go back to anything
| else."
|
| After all those requests, from today, we will help the company-
| wide adoption of the project with enterprise support of the open-
| source project.
|
| https://www.leapp.cloud/support
| jamesvnz wrote:
| I happily stumbled across Leapp a few months ago - such an
| improvement for AWS SSO.
|
| Really looking forward to GCP support when it's ready.
| andreacavagna wrote:
| We are almost close to support GCP with the new core business
| logic of the Leapp Daemon:
|
| https://github.com/Noovolari/leapp-daemon
|
| in the next releases we will move the business logic from
| electron to here.
|
| The Electron App and a CLI will communicate with the Leapp
| Daemon.
|
| Btw, the daemon is close to manage GCP and Alibaba Cloud
| Sessions!
___________________________________________________________________
(page generated 2021-06-30 23:01 UTC)