implementing-aws-iam-permission-boundaries
Community
Delegate IAM creation with safe boundaries
Author: Acczdy
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Prevents privilege escalation by ensuring every IAM role created for developers has a defined permission boundary, and by auditing existing roles for boundary compliance. IAM teams often delegate role creation to developers, which can lead to overly broad privileges. This Skill provides automated checks and policy generation to enforce least privilege.
Core Features & Use Cases
- Define and generate permission boundary policies that cap allowed actions for developer-created roles.
- Attach boundaries to roles and validate ongoing boundary enforcement across multiple AWS accounts.
- Audit roles lacking boundaries and produce compliance reports aligned with NIST CSF and Well-Architected standards.
Quick Start
Run the agent to audit IAM roles and generate a permission boundary policy for developer roles.
Dependency Matrix
Required Modules
boto3, botocore
Components
scripts, references, assets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: implementing-aws-iam-permission-boundaries Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#implementing-aws-iam-permission-boundaries Please download this .zip file, extract it, and install it in the .claude/skills/ directory.