Version Control for IAM

IAMbic is a multi-cloud identity and access management (IAM) control plane that centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in version control.

template_type: NOQ::AWS::IAM::Role
identifier: '{{account_name}}_backend_developer'
  - '*'
  - compliance
   - description: Backend developer role for {{account_name}}
     - action:
         - sts:AssumeRole
         - sts:TagSession
       effect: Allow
        aws: arn:aws:iam::123456789012:role/ExampleRole
   version: '2012-10-17'
   - policy_name: s3_policy
       - # Policy applies to role on all accounts except `customer_data`.
           - customer_data
         effect: allow
             - s3:GetObject
             - s3:ListBucket
             - "*"
               s3:ResourceTag/sensitive: 'true'  
       - # Allow write access to non-sensitive resources on the dev account          
          - dev
        effect: allow
            - s3:PutObject
            - "*"
                  s3:ResourceTag/sensitive: 'true'
role_name: '{{account_name}}_backend_developer'
  - key: owner
    value: devops

template_type: NOQ::Okta::App
idp_name: development
 name: Salesforce
   - user:
     expires_at: 2023-09-01T00:00 UTC
   - group:
 status: ACTIVE

template_type: NOQ::Okta::Group
idp_name: main
 name: engineering_interns
 description: Engineering Interns
   - username:
     expires_at: 2023-09-01
   - username:
     expires_at: 2023-09-01

template_type: NOQ::AzureAD::Group
idp_name: development
 name: iambic_test_group
 description: A test group to use with IAMbic
   - name:
     data_type: user
     expires_at: tomorrow

Identity Goes Beyond Access

One Common Format

IAMbic (IAM, but in code) maintains an updated and organized copy of your cloud identities and permissions in a human-readable format in Git. It then reflects your desired changes back to the cloud.

Flexible Permission Control

IAMbic makes it simple to manage conditional permissions across your cloud environment. With IAMbic, you can quickly set up temporary access, emergency break-glass authorizations, or custom permissions that fit your specific needs.

As Code, and Open Source

Manage your IAM like you manage your infrastructure: as code, open source, and with familiar tools. IAMbic brings the version control, automation, and collaboration capabilities that developers expect to your identity management workflows. Your cloud identity is not only secure and compliant but also flexible, scalable, and agile.

How it works


Cloud IAM

Manage cloud identities and permissions in a human-readable format with your favorite tools, streamlining access control and provisioning.


Make changes locally and create a pull request in Git


IAMbic comments on pull request with the change plan


Developer iterates until changes look good


Get a peer to approve the request


Run IAMbic Apply


Merge the request

Universal Cloud Identity

IAMbic unifies cloud identity management across AWS, Okta, Google Workspace, and future platforms, simplifying the management process. You can also customize IAMbic to work with your internal authorization providers.

Temporary Access

Define and automate expiration dates for resources, permissions, and access rules, ensuring temporary access doesn't become a security risk.

Dynamic AWS Permissions

IAMbic groups cloud identities into easy-to-understand templates. With AWS, a single template can define a role on multiple accounts, with different levels of permissions, access rules, tags, policies, and more, depending on the account.

IAMbic Keeps Git and Cloud IAM in Sync

IAMbic ensures that Git reflects the current state of your Cloud IAM, even if that IAM is not fully managed by IAMbic. This serves as a reliable artifact for auditing, compliance, and IAM inventory.

With IAMbic, changes made in Git can also be reflected back to your cloud environment. This two-way sync makes it easy to maintain an up-to-date and usable representation of your cloud IAM in Git, and simplifies the process of tracking changes over time.

Simplify your cloud permission management

Looking for more?

Noq Enterprise takes cloud permission management with IAMbic to the next level with powerful features like zero-standing access, just-in-time credentials, customizable approval flows, automated removal of unused permissions, and virtual guardrails to alert you about risky changes. Plus, periodic access reviews help you stay on top of your entitlements at all times.

Streamlined self-service permissions, backed by Git

Effortlessly request access to cloud identities, SaaS applications, and fine-grained cloud permissions. Powered by GitOps workflows.

Keep your cloud identity hygiene in check with Noq

Noq simplifies policy management by minimizing the policies attached to your cloud identities. This involves removing redundant and unused permissions, and organizing actions and resources alphabetically.

Automated Security Rules for Your Cloud IAM

Secure your cloud environment with Noq's virtual guardrails - automated security rules codified in the Noq Platform. Enforce various rules across AWS, Google, Okta, and Azure AD, including blocking disallowed services, requiring specific tags, and preventing the use of AWS managed policies.

Keep Your Access Under (Git) Control with Noq's Access Reviews

Noq makes it easy to shift access reviews left. With a full audit trail of access changes over time, you'll know who made changes and when they were made. Noq helps you maintain compliance and manage your cloud identities in one human-readable format.

Convenient and Secure Temporary Cloud Credentials through Noq

Noq generates secure temporary credentials for your cloud identities, linked to the users and groups defined in SSO. With Noq, you can easily configure IP restrictions and conditional session policies to add an extra layer of security based on user or environment context.
