How does this skill improve cloud security?

It strictly enforces the principle of least privilege, ensuring users and services only have the specific permissions needed for their tasks, which prevents lateral movement and data breaches.

Does it support multi-cloud environments?

Yes, it provides specific guidance and implementation patterns for AWS IAM (Roles/Policies), Azure RBAC (Built-in/Custom), and Google Cloud IAM (Service Accounts/Predefined roles).

Is it suitable for service account management?

Yes, it includes specialized instructions for managing non-human identities, utilizing short-lived tokens, and implementing automated credential rotation strategies.

Can it help remediate existing security vulnerabilities?

Absolutely. It identifies common anti-patterns like wildcard permissions ('*') and helps refactor them into granular, resource-specific policies that reduce your attack surface.

IAM Policy Design

Name: IAM Policy Design
Author: sethdford

bysethdford

•

보안 및 테스팅

Designs and implements least-privilege Identity and Access Management policies for secure cloud and on-premise infrastructure.

This skill enables Claude to act as a senior IAM architect, guiding the creation of secure, granular access control policies across AWS, Azure, Google Cloud, and on-premise environments like Active Directory. It emphasizes the principle of least privilege, providing structured guidance on defining identity categories, implementing Role-Based Access Control (RBAC), and securing service accounts to prevent privilege escalation. By following industry standards like NIST and cloud-specific best practices, this skill helps users avoid dangerous anti-patterns like wildcard permissions and long-lived credentials, ensuring infrastructure remains compliant and resilient against lateral movement.

주요 기능

01Least-privilege enforcement and wildcard permission mitigation

02Automated audit and compliance reporting frameworks

03RBAC and resource-based policy architecture mapping

045 GitHub stars

05Multi-cloud policy generation for AWS, Azure, and GCP

06Service account security including tokenization and rotation

사용 사례

01Generating production-ready AWS IAM roles for microservices

02Designing granular Azure RBAC custom roles for DevOps teams

03Auditing existing cloud permissions to identify and remove over-privileged identities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sethdford/claude-skills iam-policy-design

For use in Claude.ai and ChatGPT

주요 기능

01Least-privilege enforcement and wildcard permission mitigation

02Automated audit and compliance reporting frameworks

03RBAC and resource-based policy architecture mapping

045 GitHub stars

05Multi-cloud policy generation for AWS, Azure, and GCP

06Service account security including tokenization and rotation

사용 사례

01Generating production-ready AWS IAM roles for microservices

02Designing granular Azure RBAC custom roles for DevOps teams

03Auditing existing cloud permissions to identify and remove over-privileged identities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sethdford/claude-skills iam-policy-design

For use in Claude.ai and ChatGPT