aws-iam-policy-auditor
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anmolnagpal/iam-policy-auditor
What This Skill Does
The AWS IAM Policy Auditor is a specialized security analysis tool designed for cloud engineers and security practitioners to harden their AWS environment. It acts as an expert IAM auditor that evaluates your JSON-based IAM policies against security best practices and the principle of least privilege. By parsing complex policy structures, the skill identifies dangerous patterns like wildcard resource access, excessive permission granting, and privilege escalation vectors. It maps these findings directly to the MITRE ATT&CK Cloud framework, helping you understand not just that a policy is insecure, but specifically how an attacker could exploit it. Beyond simple detection, it provides actionable remediation by generating optimized, least-privilege policy drafts, ensuring your applications remain functional while minimizing the blast radius in the event of a compromise.
Installation
To integrate this auditing capability into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/anmolnagpal/iam-policy-auditor
Use Cases
- Pre-deployment Audits: Scan CI/CD policy artifacts before they are terraformed or deployed into production to catch insecure configurations.
- Post-Incident Remediation: Analyze roles associated with compromised assets to determine the extent of access and generate restrictive replacements.
- Cloud Security Posture Management (CSPM): Periodically audit existing IAM roles attached to EC2 instances, Lambda functions, or IAM users to reduce technical debt and over-provisioned permissions.
- Compliance Reporting: Generate risk scores and MITRE mappings to document the security posture for internal or external audit requirements.
Example Prompts
- "Analyze the following IAM policy attached to our production EC2 instance profile and provide a least-privilege version: [PASTE POLICY JSON]"
- "Identify all potential privilege escalation vectors in this JSON policy and map them to their corresponding MITRE ATT&CK techniques."
- "Is this policy secure for an S3-read-only role? Highlight any wildcard resources that could lead to data exfiltration."
Tips & Limitations
- Context Matters: While the tool performs static analysis, always verify the generated replacement policy in a non-production account (e.g., AWS Sandbox) before deploying to production.
- Implicit Deny: Remember that AWS denies by default, so the auditor focuses on 'Allow' statements; still make sure your organizational SCPs are configured correctly as well.
- Instance Profiles: Pay special attention to policies attached to EC2 instance profiles, as these are frequently targeted by attackers via the Metadata Service (IMDS).
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anmolnagpal-iam-policy-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: data-collection
Related Skills
aws-compliance-analyzer
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
aws-terraform-security-reviewer
Review Terraform plans and HCL files for AWS security misconfigurations before deployment
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-tagging-auditor
Audit AWS resource tagging compliance and identify unallocatable spend for FinOps teams
gcp-bigquery-optimizer
Analyze BigQuery query patterns and storage to dramatically reduce the