panoskoufodinas-tech/Cloud-IAM-Drift-Architect

# Cloud-IAM-Drift-Architect

**The Narrative Engine for IAM Security Research**

Cloud-IAM-Drift-Architect is a post-processing suite designed to transform raw IAM findings into professional, architectural-risk reports. It bridges the gap between raw data discovery and security reasoning by formalizing the IPPI (Identity Privilege Path Identification) methodology into a structured output.

## How it works

This tool does not scan the cloud. Instead, it processes static JSON artifacts (primarily from the IPPI engine) and maps them against security invariants to produce a VRP-ready narrative. It is the final stage of the IPPI ecosystem, turning evidence into a compelling case for remediation.

## Workflow

1. **Detection** (via IPPI): Identify "Zombie" identities, role overlaps, or hidden impersonation chains.
2. **Mapping** (`drift_mapper.py`): Identify the drift, i.e. the delta, between the security baseline and the actual effective state.
3. **Reasoning** (`logic_translator.py`): Map the identified drift to specific IAM Trust Invariants and architectural risks.
4. **Synthesis** (`report_synthesizer.py`): Generate a structured `REPORT.md` suitable for Google VRP submissions or executive reviews.
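The three post-detection stages above, collapsed into one runnable script as an added illustration. This is not code from the Cloud-IAM-Drift-Architect repository: the JSON shapes standing in for `baseline.json` and `ippi_output.json`, the finding types (`excess_role`, `zombie_identity`, `impersonation_path`), the invariant names and the severity labels are all assumptions constructed for the example, and the real project's formats may differ.

```python
"""Added example: a compact baseline-vs-effective IAM drift pipeline.

Not the project's own code. The artifact layout, finding types, invariant
names and severities below are assumptions made for illustration only.
"""
import json
from collections import Counter

# Constructed stand-in for samples/baseline.json: the roles each principal
# is *intended* to hold (assumed shape; the real file format is unspecified).
BASELINE_JSON = """{
  "bindings": {
    "user:alice@example.com": ["roles/viewer"],
    "serviceAccount:ci@example.iam": ["roles/cloudbuild.builds.editor"]
  },
  "impersonation": {}
}"""

# Constructed stand-in for samples/ippi_output.json: the *effective* state as
# a discovery engine would report it (assumed shape, constructed data).
EFFECTIVE_JSON = """{
  "bindings": {
    "user:alice@example.com": ["roles/viewer", "roles/owner"],
    "serviceAccount:ci@example.iam": ["roles/cloudbuild.builds.editor"],
    "serviceAccount:legacy@example.iam": ["roles/editor"]
  },
  "impersonation": {
    "user:alice@example.com": ["serviceAccount:legacy@example.iam"]
  }
}"""

BASELINE = json.loads(BASELINE_JSON)
EFFECTIVE = json.loads(EFFECTIVE_JSON)

# Stage 3 lookup (assumed invariant names and severities, for illustration).
INVARIANTS = {
    "excess_role": ("Least Privilege", "High"),
    "zombie_identity": ("Identity Lifecycle", "Medium"),
    "impersonation_path": ("Trust Boundary", "Critical"),
}


def map_drift(baseline, effective):
    """Stage 1 (drift_mapper): compute the delta between intended and effective state."""
    findings = []
    base, eff = baseline["bindings"], effective["bindings"]
    for principal, roles in sorted(eff.items()):
        if principal not in base:
            # Principal exists in reality but nobody intended it: a "zombie".
            findings.append({"type": "zombie_identity", "principal": principal,
                             "detail": "holds " + ", ".join(sorted(roles))
                                       + " but is absent from the baseline"})
            continue
        for role in sorted(set(roles) - set(base[principal])):
            findings.append({"type": "excess_role", "principal": principal,
                             "detail": f"effective role {role} is not in the baseline"})
    # An impersonation edge only counts as drift when the target holds roles
    # the actor was never intended to have: a hidden privilege path.
    for actor, targets in sorted(effective.get("impersonation", {}).items()):
        intended = set(base.get(actor, []))
        for target in targets:
            gained = sorted(set(eff.get(target, [])) - intended)
            if gained:
                findings.append({"type": "impersonation_path", "principal": actor,
                                 "detail": f"can impersonate {target}, reaching "
                                           + ", ".join(gained)})
    return findings


def translate(findings):
    """Stage 2 (logic_translator): attach the violated invariant and a severity."""
    reasoned = []
    for f in findings:
        invariant, severity = INVARIANTS[f["type"]]
        reasoned.append({**f, "invariant": invariant, "severity": severity})
    return reasoned


def synthesize(reasoned):
    """Stage 3 (report_synthesizer): render the reasoned drift as Markdown."""
    lines = ["# IAM Drift Report", "", "## Summary", ""]
    for invariant, n in sorted(Counter(r["invariant"] for r in reasoned).items()):
        lines.append(f"- {invariant}: {n} deviation(s)")
    lines += ["", "## Findings", "",
              "| Severity | Invariant | Principal | Drift |", "|---|---|---|---|"]
    rank = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
    for r in sorted(reasoned, key=lambda r: rank[r["severity"]]):
        lines.append(f"| {r['severity']} | {r['invariant']} | `{r['principal']}` | {r['detail']} |")
    return "\n".join(lines) + "\n"


def run_pipeline(baseline, effective):
    """Run all three stages on already-parsed artifacts and return the report text."""
    return synthesize(translate(map_drift(baseline, effective)))


if __name__ == "__main__":
    print(run_pipeline(BASELINE, EFFECTIVE))
```

Running the script prints a report with one Critical (the impersonation path), one High (the excess `roles/owner` binding) and one Medium (the unbaselined service account) finding. Feeding the baseline in as both arguments yields an empty findings list, which is the check a practitioner should run first to confirm the mapper produces no false drift on an already-compliant state.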

## Project Structure

```
Cloud-IAM-Drift-Architect/
├── scripts/
│   ├── drift_mapper.py        # Identifies deltas in IAM state
│   ├── logic_translator.py    # Translates drift into security logic
│   └── report_synthesizer.py  # Generates the final markdown narrative
├── samples/
│   ├── ippi_output.json       # Standard input from IPPI discovery
│   └── baseline.json          # The intended security policy baseline
├── README.md
├── LICENSE
└── SECURITY.md
```

## Why "Drift"?

In Cloud IAM, risk is rarely a single "bug". It is the Drift: the delta between what the security team believes is configured and the effective privilege graph that actually exists. Drift-Architect quantifies this delta, proving that a vulnerability is not an isolated incident but a systemic deviation from intended security invariants.

## Usage (Static Analysis Only)

Run the scripts locally to process your artifacts:

```bash
python3 scripts/drift_mapper.py
python3 scripts/logic_translator.py
python3 scripts/report_synthesizer.py
```

Output: a professional `REPORT.md` ready for VRP submission, focusing on architectural impact.

## Compliance and Safety

- **100% Static:** Zero network calls, zero API interaction.
- **Deterministic:** Built on the principles of logic-based security analysis.
- **VRP-Safe:** Explicitly designed for responsible disclosure and high-signal research.

**Author:** Panagiotis Ntinas (panoskoufodinas-tech)

Part of the IPPI Security Ecosystem
