Can it detect public S3 buckets?

Yes, it identifies buckets missing public access blocks, missing encryption, or those containing overly permissive access control policies.

How does it help with IAM roles?

It evaluates policies for wildcard actions, lack of resource restrictions, and potential privilege escalation paths to ensure every identity follows the principle of least privilege.

Does it work with third-party security scanners?

Yes, it includes guidance for running and interpreting results from industry-standard tools like Prowler, Checkov, cfn-lint, and tfsec.

Does this skill support Infrastructure as Code?

Yes, it is specifically designed to review CloudFormation, CDK, and Terraform configurations for security misconfigurations before or after deployment.

AWS Infrastructure Security

Name: AWS Infrastructure Security
Author: curphey

bycurphey

0•

云基础设施

Performs systematic security reviews of AWS infrastructure to identify and remediate cloud misconfigurations based on least-privilege principles.

The AWS Infrastructure Security skill provides a rigorous framework for auditing cloud resources through a 'default deny' lens. It guides the analysis of IAM policies, network boundaries, and data protection mechanisms to identify critical vulnerabilities like wildcard permissions, public S3 buckets, and unencrypted secrets. By integrating best practices for CloudFormation, CDK, and Terraform, it helps developers and security engineers maintain compliance with the AWS shared responsibility model and prevent common causes of cloud breaches.

主要功能

010 GitHub stars

02Comprehensive IAM policy and role permission auditing

03Identification of hardcoded secrets and broad Lambda permissions

04Network isolation verification for VPCs and Security Groups

05S3 bucket public access and encryption configuration review

06Integration patterns for security scanners like Prowler and Checkov

使用场景

01Auditing existing IAM roles to enforce least-privilege access across the organization

02Reviewing Infrastructure as Code templates for security best practices before deployment

03Verifying VPC configurations and public exposure levels for compliance audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add curphey/bosun aws

For use in Claude.ai and ChatGPT