infra-rbac-audit

Community

Continuously verify least-privilege access

Author: ivanshamaev
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps you prevent over-privileged access on data platforms by auditing RBAC and permissions across Kubernetes, AWS IAM, GCP IAM, databases, and Airflow, so risky configurations are found before they cause incidents.

Core Features & Use Cases

  • Kubernetes RBAC audit: Detects cluster-admin bindings, wildcard permissions, over-permissive service accounts, and token automount patterns to enforce least privilege.
  • Cloud IAM audits (AWS/GCP): Reviews external access findings, flags admin-equivalent policies, checks role last-used behavior, and identifies overly broad owner/editor bindings and service account key usage.
  • Database & Airflow RBAC checks: Surfaces dangerous PostgreSQL roles (e.g., superuser/CREATEDB), audits Trino/public grants, and highlights Airflow users with administrative roles.
  • Operational use cases: Pre-compliance reviews (SOC2/GDPR/PCI-DSS), insider-threat investigations, onboarding permission alignment, quarterly access reviews, and cleanup of orphaned or excessive service accounts.
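
As an added illustration of the Kubernetes checks listed above (not code from the infra-rbac-audit Skill itself), this Python example flags cluster-admin bindings, wildcard rules, and service accounts with token automount left enabled, and returns findings ordered by severity. It assumes objects shaped like the items returned by `kubectl get <kind> -o json`; the sample objects, their names, and the severity ranking are constructed for the example.

```python
# Added example: input objects are assumed to look like `kubectl get <kind> -o json` items.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}  # assumed ranking

def audit(objects):
    """Return findings as (severity, object, reason), most severe first."""
    findings = []
    for obj in objects:
        kind = obj.get("kind")
        ref = f"{kind}/{obj.get('metadata', {}).get('name', '<unnamed>')}"
        if kind in ("ClusterRoleBinding", "RoleBinding"):
            if obj.get("roleRef", {}).get("name") != "cluster-admin":
                continue
            # Cluster-wide binding is worse than a namespace-scoped one.
            sev = "critical" if kind == "ClusterRoleBinding" else "high"
            for s in obj.get("subjects") or []:
                # system:masters holds cluster-admin by default; report everything else.
                if (s.get("kind"), s.get("name")) != ("Group", "system:masters"):
                    findings.append((sev, ref, f"cluster-admin bound to {s.get('kind')} {s.get('name')}"))
        elif kind in ("ClusterRole", "Role"):
            for rule in obj.get("rules") or []:
                wild = [f for f in ("apiGroups", "resources", "verbs") if "*" in (rule.get(f) or [])]
                if wild:
                    findings.append(("high", ref, "wildcard in " + ", ".join(wild)))
        elif kind == "ServiceAccount":
            # Token automount is on unless explicitly set to false.
            if obj.get("automountServiceAccountToken") is not False:
                findings.append(("medium", ref, "service account token automount not disabled"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

# Constructed sample objects (not taken from any real cluster).
SAMPLE = [
    {"kind": "ServiceAccount", "metadata": {"name": "airflow-worker"}},
    {"kind": "ServiceAccount", "metadata": {"name": "trino"}, "automountServiceAccountToken": False},
    {"kind": "Role", "metadata": {"name": "etl-operator", "namespace": "data"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get", "*"]}]},
    {"kind": "Role", "metadata": {"name": "reader", "namespace": "data"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
]

if __name__ == "__main__":
    for severity, ref, reason in audit(SAMPLE):
        print(f"[{severity}] {ref}: {reason}")
```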

Quick Start

Ask your agent to run an RBAC audit across Kubernetes, AWS IAM, GCP IAM, PostgreSQL/Trino grants, and Airflow roles and return a prioritized checklist of violations with remediation guidance.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: infra-rbac-audit
Download link: https://github.com/ivanshamaev/de-agent-skills/archive/main.zip#infra-rbac-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.