securing-aws-iam-permissions


This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce least privilege access across cloud accounts. It covers IAM policy scoping, permission boundaries, Access Analyzer integration, and credential rotation strategies to reduce the blast radius of compromised identities.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0



Skill Content

# Securing AWS IAM Permissions

## When to Use

- When onboarding new AWS accounts or workloads that require scoped IAM policies
- When IAM Access Analyzer reports overly permissive policies or unused permissions
- When preparing for a compliance audit requiring least privilege evidence (SOC 2, PCI-DSS)
- When migrating from long-lived access keys to short-lived role-based credentials
- When remediating findings from AWS Security Hub related to IAM misconfigurations

**Do not use** for Azure AD or Google Cloud IAM configurations, application-level authorization logic, or federated identity provider setup (see managing-cloud-identity-with-okta).

## Prerequisites

- AWS account with administrative access or IAM:FullAccess permissions
- AWS CLI v2 installed and configured with named profiles
- AWS CloudTrail enabled for at least 90 days of API activity history
- Familiarity with JSON-based IAM policy syntax and ARN resource notation

## Workflow

### Step 1: Inventory Existing IAM Entities and Policies

Generate a comprehensive inventory of all IAM users, roles, groups, and attached policies using the AWS CLI and IAM credential reports. Identify accounts with console access, programmatic access keys, and their last-used timestamps.

```bash
# Generate IAM credential report
aws iam generate-credential-report
aws iam get-credential-report --query 'Content' --output text | base64 -d > iam-report.csv

# List all IAM roles and their attached policies
aws iam list-roles --query 'Role...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
