How does this skill handle MFA for AWS CLI?

It uses the `aws sts get-session-token` command combined with the 1Password CLI (`op`) to automatically fetch TOTP codes and authenticate your session.

Does this skill support the AWS root user?

No, it strictly follows security best practices by enforcing IAM user access and reserving the root account for critical administrative tasks only.

Which AWS services can I manage with this skill?

While it focuses on IAM and credentials, it includes patterns for managing S3 buckets, EC2 instances, and Lambda functions.

Can I use this with multiple AWS accounts?

The current configuration is optimized for a specific account ID, but the patterns and scripts are easily adaptable for multi-account environments.

Where are the AWS secret keys stored?

Keys are stored locally in a sourced environment file (`~/.env.zsh`) and backed up securely within a 1Password vault.

AWS Credentials & IAM Management

Name: AWS Credentials & IAM Management
Author: mshuffett

bymshuffett

Cloud Infrastructure

Manages AWS CLI credentials, IAM policies, and secure infrastructure operations using MFA-protected workflows.

About

This skill provides a structured framework for interacting with AWS services via the CLI, prioritizing security and developer efficiency. It centralizes account configuration, region settings, and console access while offering automated workflows for generating MFA-protected session tokens through 1Password integration. By standardizing secret management and providing pre-configured commands for S3, EC2, and Lambda, it ensures that developers follow IAM best practices and maintain a secure, audit-ready environment.

Key Features

MFA-protected CLI session token generation
Automated environment variable and secret backup workflows
Secure credential storage via 1Password integration
Centralized IAM user and group configuration guidance
0 GitHub stars
Standardized AWS resource auditing and discovery commands

Use Cases

Verifying caller identity and auditing active AWS resource permissions
Generating temporary STS session tokens for secure CLI operations
Configuring standardized development environments with synced AWS credentials

About

Key Features

MFA-protected CLI session token generation
Automated environment variable and secret backup workflows
Secure credential storage via 1Password integration
Centralized IAM user and group configuration guidance
0 GitHub stars
Standardized AWS resource auditing and discovery commands

Use Cases

Verifying caller identity and auditing active AWS resource permissions
Generating temporary STS session tokens for secure CLI operations
Configuring standardized development environments with synced AWS credentials