aws-iam

Repository: bagelhole/devops-security-agent-skills (updated 9 days ago)
Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill aws-iam


Skill documentation

AWS IAM

Manage identity and access in AWS.

IAM Policies

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "s3:GetObject",
      "s3:PutObject"
    ],
    "Resource": "arn:aws:s3:::my-bucket/*"
  }]
}

Create Role

# Create role with trust policy
aws iam create-role \
  --role-name EC2AppRole \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }]
  }'

# Attach policy
aws iam attach-role-policy \
  --role-name EC2AppRole \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Service-Linked Roles

# For services like ECS, RDS
aws iam create-service-linked-role \
  --aws-service-name ecs.amazonaws.com

Best Practices

security_practices:
  - Use roles, not long-term credentials
  - Implement least privilege
  - Enable MFA
  - Regular access reviews
  - Use IAM Access Analyzer
  - Implement SCPs for organizations

Policy Conditions

{
  "Condition": {
    "StringEquals": {
      "aws:RequestedRegion": "us-east-1"
    },
    "Bool": {
      "aws:MultiFactorAuthPresent": "true"
    }
  }
}
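Added example (not the skill's own code): a simplified IAM policy evaluator in Python that applies the S3 Allow statement and the region/MFA Condition block from this doc, together with an assumed explicit Deny on a protected prefix, to show how a missing MFA context key or a wrong region turns the Allow into an implicit deny and how an explicit Deny wins over any Allow.

```python
import fnmatch
import json

# Constructed sample: the skill doc's S3 statement with its region/MFA Condition
# block attached, plus an explicit Deny on a protected prefix (assumed layout).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::my-bucket/*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"},
                   "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Deny", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::my-bucket/protected/*"}]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case):
    # '*' and '?' are IAM wildcards; actions match case-insensitively, ARNs do not.
    patterns = _as_list(patterns)
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_ok(condition, context):
    # StringEquals/Bool only (other operators are ignored here). A key absent from
    # the request context, e.g. no MFA at all, fails the check; IfExists not modelled.
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
            if operator == "Bool" and str(actual).lower() != str(expected).lower():
                return False
    return True

def evaluate(policy, action, resource, context):
    # Simplified IAM decision: explicit Deny beats Allow; no match is an implicit deny.
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], action, fold_case=True)
                and _matches(stmt["Resource"], resource, fold_case=False)
                and _condition_ok(stmt.get("Condition", {}), context)):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision
```

Run `evaluate(SAMPLE_POLICY, "s3:GetObject", "arn:aws:s3:::my-bucket/a.txt", ctx)` with and without `"aws:MultiFactorAuthPresent": "true"` in `ctx` to see the Allow collapse to an implicit deny.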

Best Practices

  • Follow least privilege
  • Use IAM roles for applications
  • Enable CloudTrail for auditing
  • Regular credential rotation
  • Use permission boundaries
