access-review

SKILL.md

Access Review

Implement periodic access review processes.

Review Process

access_review_workflow:
  1_extract:
    - Pull access data from systems
    - Generate access report
    
  2_review:
    - Manager certification
    - Risk-based prioritization
    - Decision documentation
    
  3_action:
    - Revoke unnecessary access
    - Update exceptions
    - Document decisions
    
  4_report:
    - Compliance metrics
    - Remediation tracking

AWS IAM Review

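# Generate the credential report (asynchronous; re-run until State is COMPLETE)
aws iam generate-credential-report
aws iam get-credential-report --output text --query Content | base64 -d

# Find users whose console password was last used before the cutoff date
# (users with no PasswordLastUsed value also match, because jq sorts null before strings)
aws iam list-users | jq -r '.Users[] | select(.PasswordLastUsed < "2024-01-01") | .UserName'

# Check when a specific access key was last used
aws iam get-access-key-last-used --access-key-id AKIAXXXXXXXX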
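
The decoded credential report is CSV, so the extract step can feed it straight into a review filter. The following is an added example, not part of the original skill: the sample rows are constructed, and the 90-day idle threshold, the function names and the finding labels are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the credential report's CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,not_supported,2025-11-30T08:00:00+00:00,true,false,N/A,false,N/A
alice,true,2025-12-20T09:15:00+00:00,true,false,N/A,false,N/A
bob,true,2025-03-02T10:00:00+00:00,false,true,2025-02-11T07:30:00+00:00,false,N/A
ci-deploy,false,N/A,false,true,2025-12-28T23:59:00+00:00,true,N/A
carol,true,no_information,true,false,N/A,false,N/A
"""

def _stale(value, cutoff):
    """True if the timestamp is older than cutoff or the credential was never used."""
    if value in ("N/A", "no_information", ""):
        return True
    return datetime.fromisoformat(value) < cutoff

def review_credential_report(csv_text, now, max_idle_days=90):
    """Return (user, finding) tuples for credentials a reviewer should question."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        # The root row reports password_enabled as "not_supported" and is skipped here.
        if row["password_enabled"] == "true":
            if _stale(row["password_last_used"], cutoff):
                findings.append((user, "console password idle"))
            if row["mfa_active"] != "true":
                findings.append((user, "console password without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true" and _stale(
                    row[f"access_key_{n}_last_used_date"], cutoff):
                findings.append((user, f"access key {n} idle"))
    return findings

if __name__ == "__main__":
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    for user, finding in review_credential_report(SAMPLE_REPORT, now):
        print(f"{user}: {finding}")
```

A credential that was created recently also shows as never used, so compare against its creation or rotation time before treating the finding as grounds for revocation.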

Automation

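def generate_access_report():
    """Build one pending review entry per user for manager certification."""
    # get_all_users() is the integration point with the identity source and is
    # not defined here; each user object must expose the attributes read below.
    users = get_all_users()
    report = []

    for user in users:
        report.append({
            'user': user.email,
            'roles': user.roles,
            'last_login': user.last_login,
            'manager': user.manager,
            'review_status': 'pending'  # updated once the manager certifies or revokes
        })

    return report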

Best Practices

  • Quarterly reviews minimum
  • Risk-based frequency
  • Manager attestation
  • Automated revocation
  • Audit trail maintenance
First Seen
Feb 4, 2026