Can this skill manage application-level permissions?

No, it specifically targets deployment user permissions. Application or resource permissions, such as Lambda roles, should be managed via your primary IaC tool like Terraform.

How does this skill handle production permissions?

It requires explicit approval for production changes and uses strictly scoped ARN patterns to prevent account-wide access, ensuring production stability.

Does it maintain a record of changes?

Yes, every permission grant is recorded in a detailed IAM audit file including timestamps, reasons, resource scopes, and the profile used for the change.

Which AWS profiles are used for operations?

It uses a dedicated 'discover-deploy' profile for IAM operations to ensure strict separation from deployment profiles like 'test-deploy' or 'prod-deploy'.

Infrastructure Permission Manager

Name: Infrastructure Permission Manager
Author: fractary

$fractary$ byfractary

•

クラウドインフラストラクチャ

Automates AWS IAM permission management for deployment pipelines while maintaining a rigorous audit trail and environment scoping.

The Infrastructure Permission Manager skill streamlines DevOps workflows by automatically identifying and granting missing IAM permissions required for successful infrastructure deployments. It strictly enforces security best practices by separating discovery profiles from deployment roles, scoping permissions to specific environment patterns (test vs. prod), and rejecting runtime resource permissions that should be managed via Infrastructure as Code (IaC). With built-in audit logging and mandatory approval flows for production changes, it provides a safe, compliant, and efficient way to resolve 'AccessDenied' errors during infrastructure rollouts.

主な機能

01Automated distinction between deploy-time and runtime resource permissions

02Strict profile separation between discovery and deployment roles

03Environment-specific resource scoping using ARN pattern matching

04Comprehensive JSON-based audit trail for all permission changes

052 GitHub stars

06Automatic IAM permission discovery and remediation for deployment failures

ユースケース

01Enforcing the principle of least privilege across test and production environments

02Maintaining a compliant audit log of all infrastructure permission changes

03Fixing AccessDenied errors in Terraform or CloudFormation deployments automatically

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fractary/claude-plugins infra-permission-manager

For use in Claude.ai and ChatGPT

Download Skill