setting-up-ec2-instance-profiles

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • AWS CLI Command Execution: The skill identifies and executes a variety of AWS CLI commands (e.g., aws ec2, aws iam) to manage cloud resources. This is the primary function of the skill and is handled through structured procedures.
  • IAM Role and Policy Management: The instructions guide the agent to create and modify IAM roles, trust policies, and instance profiles. The skill explicitly promotes the principle of least privilege by recommending specific permissions over broad "FullAccess" policies to minimize security risk.
  • EC2 Metadata Service (IMDSv2) Usage: The skill includes verification steps that interact with the EC2 Instance Metadata Service. It correctly specifies the use of IMDSv2 (session tokens) rather than the less secure IMDSv1. Using IMDSv2 is a standard security best practice for EC2 environments to prevent credential theft.
  • Local File Interaction: To facilitate role creation, the skill generates and reads temporary JSON files (e.g., trust-policy.json). These files are used locally to pass policy documents to the AWS CLI tools during the configuration process, following standard command-line practices.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 12:04 PM