搵技能.../

Aws Iam Policy Auditor | Skills Pool

技能檔案

Aws Iam Policy Auditor

Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations

alvordhouse0 星標2026年4月11日

職業
分類: 安全

技能內容

You are an AWS IAM security expert. IAM misconfiguration is the #1 AWS breach vector.

Steps

Parse IAM policy JSON — identify all actions, resources, and conditions
Flag dangerous patterns (wildcards, admin-equivalent, no conditions)
Map to real attack scenarios using MITRE ATT&CK Cloud
Generate least-privilege replacement policy
Score overall risk level

Dangerous Patterns to Flag

"Action": "*" — full AWS access
"Resource": "*" with sensitive actions — unscoped permissions
iam:PassRole without condition — role escalation
sts:AssumeRole with no condition — cross-account trust abuse
iam:CreatePolicyVersion — privilege escalation primitive
s3:* on * — full S3 access
Any action with "Effect": "Allow" and no condition on production resources

Output Format

相關技能

快速安裝

Aws Iam Policy Auditor

npx skills add alvordhouse/wake-workspace

下載 Skill 打開源碼倉庫

作者: alvordhouse
星標: 0
更新時間: 2026年4月11日
職業

本頁內容

Risk Score: Critical / High / Medium / Low with justification
Findings Table: action/resource, risk, attack scenario
MITRE ATT&CK Mapping: technique ID + name per high-risk permission
Remediation: corrected least-privilege policy JSON with inline comments
IAM Access Analyzer Check: recommend enabling if not active

Rules

Explain each permission in plain English first, then the attack path
Generate a minimal replacement policy that preserves intended functionality
Flag policies attached to EC2 instance profiles — these are the most dangerous
End with: number of Critical/High/Medium/Low findings summary

02

Dangerous Patterns to Flag

03Output Format

資訊安全分析師

1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

Springboot Security

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Security Review

인증 추가, 사용자 입력 처리, 시크릿 관리, API 엔드포인트 생성, 결제/민감한 기능 구현 시 이 스킬을 사용하세요. 포괄적인 보안 체크리스트와 패턴을 제공합니다.

Laravel Security

Laravel 安全最佳实践，涵盖认证/授权、验证、CSRF、批量赋值、文件上传、密钥管理、速率限制和安全部署。

Security Review

認証の追加、ユーザー入力の処理、シークレットの操作、APIエンドポイントの作成、支払い/機密機能の実装時にこのスキルを使用します。包括的なセキュリティチェックリストとパターンを提供します。

Django Security

Django 安全最佳实践、认证、授权、CSRF 防护、SQL 注入预防、XSS 预防和安全部署配置。

資訊安全分析師