aws-iam

SKILL.md

AWS IAM

Manage identity and access in AWS.

IAM Policies

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "s3:GetObject",
      "s3:PutObject"
    ],
    "Resource": "arn:aws:s3:::my-bucket/*"
  }]
}

Create Role

# Create role with trust policy
aws iam create-role \
  --role-name EC2AppRole \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }]
  }'

# Attach policy
aws iam attach-role-policy \
  --role-name EC2AppRole \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Service-Linked Roles

# For services like ECS, RDS
aws iam create-service-linked-role \
  --aws-service-name ecs.amazonaws.com

Best Practices

security_practices:
  - Use roles, not long-term credentials
  - Implement least privilege
  - Enable MFA
  - Regular access reviews
  - Use IAM Access Analyzer
  - Implement SCPs for organizations

Policy Conditions

{
  "Condition": {
    "StringEquals": {
      "aws:RequestedRegion": "us-east-1"
    },
    "Bool": {
      "aws:MultiFactorAuthPresent": "true"
    }
  }
}
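The condition block above only matches when both keys are present in the request and both tests pass. The following added example (not part of the original skill) is a simplified Python model of that matching, limited to `StringEquals` and `Bool` and their `IfExists` variants. The function names, the sample request contexts and the `BoolIfExists` deny guard are assumptions made for illustration.

```python
import json

# Simplified model of how IAM matches a Condition block against request context.
# Covers only StringEquals and Bool (plus their ...IfExists variants).

def _match(op, expected, actual):
    values = expected if isinstance(expected, list) else [expected]
    if op == "StringEquals":
        return any(actual == v for v in values)       # multiple values are ORed
    if op == "Bool":
        return any(str(actual).lower() == str(v).lower() for v in values)
    raise ValueError(f"operator not modelled: {op}")

def condition_matches(condition, context):
    """True only if every operator and every key in the block matches (AND)."""
    for op, keys in condition.items():
        if_exists = op.endswith("IfExists")
        base = op[:-len("IfExists")] if if_exists else op
        for key, expected in keys.items():
            if key not in context:
                if if_exists:
                    continue        # missing key counts as a match
                return False        # missing key: plain operator does not match
            if not _match(base, expected, context[key]):
                return False
    return True

# The Condition block from this page.
PAGE_CONDITION = json.loads("""{
  "StringEquals": {"aws:RequestedRegion": "us-east-1"},
  "Bool": {"aws:MultiFactorAuthPresent": "true"}
}""")

# Constructed request contexts (sample data, not captured from AWS).
MFA_SESSION = {"aws:RequestedRegion": "us-east-1", "aws:MultiFactorAuthPresent": "true"}
WRONG_REGION = {"aws:RequestedRegion": "eu-west-1", "aws:MultiFactorAuthPresent": "true"}
ACCESS_KEY = {"aws:RequestedRegion": "us-east-1"}   # long-term key: no MFA key in context

# A Deny guard written two ways: the plain form misses the access-key request.
DENY_PLAIN = {"Bool": {"aws:MultiFactorAuthPresent": "false"}}
DENY_IF_EXISTS = {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}

if __name__ == "__main__":
    for name, ctx in [("mfa", MFA_SESSION), ("region", WRONG_REGION), ("key", ACCESS_KEY)]:
        print(name, condition_matches(PAGE_CONDITION, ctx),
              condition_matches(DENY_PLAIN, ctx), condition_matches(DENY_IF_EXISTS, ctx))
```

In an Allow statement the page's `Bool` test fails closed when the MFA key is absent, while a Deny statement written to block non-MFA requests needs the `IfExists` form to cover requests signed with long-term access keys.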

Best Practices

  • Follow least privilege
  • Use IAM roles for applications
  • Enable CloudTrail for auditing
  • Regular credential rotation
  • Use permission boundaries

First Seen
Feb 4, 2026