Can this skill manage application-level permissions?

No, it specifically targets deployment user permissions. Application or resource permissions, such as Lambda roles, should be managed via your primary IaC tool like Terraform.

How does this skill handle production permissions?

It requires explicit approval for production changes and uses strictly scoped ARN patterns to prevent account-wide access, ensuring production stability.

Does it maintain a record of changes?

Yes, every permission grant is recorded in a detailed IAM audit file including timestamps, reasons, resource scopes, and the profile used for the change.

Which AWS profiles are used for operations?

It uses a dedicated 'discover-deploy' profile for IAM operations to ensure strict separation from deployment profiles like 'test-deploy' or 'prod-deploy'.

Infrastructure Permission Manager

Name: Infrastructure Permission Manager
Author: fractary

byfractary

•

クラウドインフラストラクチャ

Automates AWS IAM permission management for deployment pipelines while maintaining a rigorous audit trail and environment scoping.

概要

The Infrastructure Permission Manager skill streamlines DevOps workflows by automatically identifying and granting missing IAM permissions required for successful infrastructure deployments. It strictly enforces security best practices by separating discovery profiles from deployment roles, scoping permissions to specific environment patterns (test vs. prod), and rejecting runtime resource permissions that should be managed via Infrastructure as Code (IaC). With built-in audit logging and mandatory approval flows for production changes, it provides a safe, compliant, and efficient way to resolve 'AccessDenied' errors during infrastructure rollouts.

主な機能

Automated distinction between deploy-time and runtime resource permissions
Strict profile separation between discovery and deployment roles
Environment-specific resource scoping using ARN pattern matching
Comprehensive JSON-based audit trail for all permission changes
2 GitHub stars
Automatic IAM permission discovery and remediation for deployment failures

ユースケース

Enforcing the principle of least privilege across test and production environments
Maintaining a compliant audit log of all infrastructure permission changes
Fixing AccessDenied errors in Terraform or CloudFormation deployments automatically

概要

主な機能

Automated distinction between deploy-time and runtime resource permissions
Strict profile separation between discovery and deployment roles
Environment-specific resource scoping using ARN pattern matching
Comprehensive JSON-based audit trail for all permission changes
2 GitHub stars
Automatic IAM permission discovery and remediation for deployment failures

ユースケース

Enforcing the principle of least privilege across test and production environments
Maintaining a compliant audit log of all infrastructure permission changes
Fixing AccessDenied errors in Terraform or CloudFormation deployments automatically