securing-aws-iam-permissions
Installation
SKILL.md
Securing AWS IAM Permissions
When to Use
- When onboarding new AWS accounts or workloads that require scoped IAM policies
- When IAM Access Analyzer reports overly permissive policies or unused permissions
- When preparing for a compliance audit requiring least privilege evidence (SOC 2, PCI-DSS)
- When migrating from long-lived access keys to short-lived role-based credentials
- When remediating findings from AWS Security Hub related to IAM misconfigurations
Do not use for Azure AD or Google Cloud IAM configurations, application-level authorization logic, or federated identity provider setup (see managing-cloud-identity-with-okta).
Prerequisites
- AWS account with administrative access or IAM:FullAccess permissions
- AWS CLI v2 installed and configured with named profiles
- AWS CloudTrail enabled for at least 90 days of API activity history
- Familiarity with JSON-based IAM policy syntax and ARN resource notation