
# ops-aws-audit

Read-only AWS account hygiene audit — security baseline, unused/orphaned resources, and cost optimization across all configured regions. Produces severity-ranked findings (CRITICAL→LOW) plus a machine-readable findings.json. Cleanup actions are always human-gated, never automatic. Use for cost reviews, security sweeps, recurring account hygiene, or "audit my AWS".
Lifecycle-Innovations-Limited/claude-ops · ★ 17 · AI & Automation · score 86
Install: `claude install-skill Lifecycle-Innovations-Limited/claude-ops`
## What this does

Runs `scripts/ops-aws-audit.sh` — a **read-only** sweep that never mutates AWS. It inventories and analyses, then writes a severity-ranked report.

Checks include (2026 baseline):

- **IAM / credentials** — root access key + root MFA, access keys older than `AUDIT_KEY_AGE_DAYS` (default 90), console users without MFA, and whether an **IAM Access Analyzer (UNUSED_ACCESS)** is configured.
- **EC2 / EBS** — unattached volumes, `gp2`→`gp3` candidates, unencrypted volumes, unassociated Elastic IPs, security groups open to `0.0.0.0/0` on SSH/RDP.
- **RDS** — unencrypted or publicly-accessible instances, and **orphaned manual snapshots** whose source DB no longer exists.
- **S3** — account-level Block Public Access, per-bucket default encryption and lifecycle policies.
- **CloudWatch Logs** — log groups with no retention (billed forever).
- **Lambda** — deprecated/old runtimes.
- **Security posture** — GuardDuty, Security Hub standards, Cost Anomaly Detection monitors, Compute Optimizer enrollment.
- **Cost** — per-service spend over the last `AUDIT_COST_DAYS` with the Δ vs the prior window (surfaces spend spikes, per ops cost-leak doctrine).

## Configuration (env, all optional)

| Var | Default | Meaning |
|-----|---------|---------|
| `AUDIT_PROFILE` | _(unset)_ | Named AWS profile. Unset ⇒ standard chain (env keys / instance role / SSO). |
| `AUDIT_REGIONS` | `$AWS_REGION` or `us-east-1` | Comma-separated regions. |
| `AUDIT_OUTPUT_DIR` | `~/.aw
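As an added example (not code from the claude-ops repository), here is the IAM / credentials part of such a read-only sweep in Python: it takes the `SummaryMap` of `aws iam get-account-summary` and the `AccessKeyMetadata` entries of `aws iam list-access-keys`, applies the `AUDIT_KEY_AGE_DAYS` threshold, and emits findings ranked CRITICAL→LOW in a findings.json-style layout. The severity assigned to each check, the JSON layout and the sample input are assumptions, not the script's own.

```python
import json
from datetime import datetime, timedelta, timezone

# CRITICAL first, matching the report's CRITICAL->LOW ordering.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def iam_findings(summary_map, access_keys, now, key_age_days=90):
    """Read-only IAM checks; returns findings sorted by severity.
    summary_map: SummaryMap from `aws iam get-account-summary`.
    access_keys: AccessKeyMetadata entries from `aws iam list-access-keys`.
    key_age_days: mirrors AUDIT_KEY_AGE_DAYS (documented default 90).
    Severity per check is an assumption, not the script's own mapping."""
    findings = []
    if summary_map.get("AccountAccessKeysPresent", 0):
        findings.append({"severity": "CRITICAL", "check": "iam.root_access_key",
                         "detail": "Root user has an access key"})
    if not summary_map.get("AccountMFAEnabled", 0):
        findings.append({"severity": "CRITICAL", "check": "iam.root_mfa",
                         "detail": "Root user has no MFA device"})
    for key in access_keys:
        if key["Status"] != "Active":
            continue  # inactive keys cannot authenticate; not a rotation risk
        age = (now - key["CreateDate"]).days
        if age > key_age_days:
            findings.append({"severity": "HIGH", "check": "iam.stale_access_key",
                             "detail": f"{key['UserName']} key {key['AccessKeyId']} is {age} days old",
                             "action": "Rotate; human-gated, never deleted by the audit"})
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


def to_findings_json(findings):
    """Serialise in a findings.json-style layout (assumed shape)."""
    return json.dumps({"findings": findings}, indent=2)


# Constructed sample input, not data from a real account.
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
SAMPLE_SUMMARY = {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 1}
SAMPLE_KEYS = [
    {"UserName": "deploy", "AccessKeyId": "AKIAEXAMPLE1", "Status": "Active",
     "CreateDate": NOW - timedelta(days=200)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE2", "Status": "Active",
     "CreateDate": NOW - timedelta(days=30)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE3", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=400)},
]

if __name__ == "__main__":
    print(to_findings_json(iam_findings(SAMPLE_SUMMARY, SAMPLE_KEYS, NOW)))
```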