aws-iam-best-practices
Review and Harden IAM Policies
This skill helps Claude and Codex users implement AWS IAM best practices by reviewing policies, identifying overly permissive access, and generating least-privilege IAM configurations.
Download the skill ZIP
Upload it in Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Try it
Using "aws-iam-best-practices". Review my IAM policies for security issues
Expected result:
- Security Review Summary:
  - Found 3 policies with wildcard (*) actions
  - 5 users without MFA enabled
  - 2 access keys older than 90 days
  - Recommendations provided for each finding
Using "aws-iam-best-practices". Create a least privilege policy for S3 access
Expected result:
- IAM Policy Generated:
  - Allows s3:GetObject and s3:PutObject to a specific bucket prefix
  - Uses ${aws:username} for user-specific access
  - Includes a ListBucket condition for prefix restriction
Security audit
Safe: All 48 static findings are false positives. The skill contains legitimate AWS CLI commands for IAM security auditing, AWS documentation URLs, RFC 5737 documentation IP addresses, and standard IAM policy syntax. This is a defensive security skill focused on IAM hardening and least-privilege implementation with no malicious functionality.
What you can build
Security Engineer Auditing IAM
Security engineer reviews AWS account IAM configurations quarterly, identifying overly permissive policies and users without MFA for remediation
Developer Creating S3 Access Policy
Developer creates a least-privilege S3 access policy that grants only required permissions to specific bucket prefixes
DevOps Implementing MFA Enforcement
DevOps team implements MFA-required policies to enforce multi-factor authentication for sensitive AWS operations
Try these prompts
Review my IAM policies for common security issues like overly permissive actions, wildcard resources, or missing conditions.
Find all IAM users in my account that do not have MFA enabled and generate a list for remediation.
Create an IAM policy that allows read and write access to a specific S3 bucket prefix for a single user, using conditions for security.
Generate an IAM policy that denies all actions unless the requester has authenticated with MFA.
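The least-privilege S3 policy described in the expected result above, combined with the MFA-deny pattern from the last prompt, written out as an added example (not output produced by the skill itself). The bucket name `example-bucket` and the `home/` prefix are assumptions; `${aws:username}` is only populated for IAM users, so the policy must be attached to users (or a group), not to roles.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyOwnPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["home/${aws:username}/*"]
        }
      }
    },
    {
      "Sid": "ReadWriteOwnPrefix",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-bucket/home/${aws:username}/*"
    },
    {
      "Sid": "DenyEverythingWithoutMFA",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "BoolIfExists": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    }
  ]
}
```

`BoolIfExists` makes the deny apply both when the MFA context key is `false` and when it is absent, which is the case for requests signed with long-term access keys; verify the result with the IAM policy simulator before attaching it to real principals.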
Best practices
- Use AWS managed policies instead of inline policies for better auditability and reusability
- Implement least privilege by granting only the specific actions needed for each use case
- Enable MFA for all users, especially those with administrative access
Avoid
- Using wildcard (*) in Action or Resource elements - always specify exact permissions
- Granting administrative access as a default - use role-based access control instead
- Skipping regular access reviews - schedule quarterly IAM policy audits
Frequently asked questions
Does this skill execute AWS API calls?
Can this skill create IAM policies for me?
What AWS CLI commands does this skill reference?
Is this skill safe to use in production environments?
Does this skill work with AWS Organizations?
What Python libraries are needed for automation?
Developer details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security/aws-iam-best-practices
Ref.
main
File structure
📄 SKILL.md