Claude-skill-registry aws-iam-setup

Configure AWS IAM users, roles, policies, and identity federation

Install

Source (clone the upstream repo):
git clone https://github.com/majiayu000/claude-skill-registry

Claude Code (install into ~/.claude/skills/):
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/aws-iam-setup" ~/.claude/skills/majiayu000-claude-skill-registry-aws-iam-setup && rm -rf "$T"

Manifest: skills/data/aws-iam-setup/SKILL.md

Source content

AWS IAM Setup Skill

Configure secure identity and access management for AWS resources.

Quick Reference

Attribute     | Value
------------- | -------------------------
AWS Service   | IAM
Complexity    | Medium
Est. Time     | 15-30 min
Prerequisites | AWS account, admin access

Parameters

Required

Parameter   | Type   | Description                    | Validation
----------- | ------ | ------------------------------ | --------------------------
entity_type | string | user, role, group, policy      | enum
entity_name | string | Name for the entity            | ^[a-zA-Z0-9+=,.@_-]{1,64}$
action      | string | create, update, delete, attach | enum

Optional

Parameter            | Type   | Default | Description
-------------------- | ------ | ------- | -------------------------------
path                 | string | /       | IAM path for organization
max_session_duration | int    | 3600    | Role session duration (seconds)
permissions_boundary | string | null    | ARN of permissions boundary
tags                 | object | {}      | Resource tags
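A validator for the parameter contract in the two tables above, written for this page as an added example (it is not code from the skill or its registry). The table rows are transcribed into REQUIRED and OPTIONAL dicts; the three cross-field rules at the end (paths start and end with "/", role sessions last 3600-43200 seconds, a permissions boundary is a managed-policy ARN) come from IAM's own limits rather than from the tables, and the function name validate_params is this example's own.

```python
import re

# Parameter contract transcribed from the Required/Optional tables.
# The dict layout and the cross-field rules below are this example's own, not the skill's code.
ENTITY_NAME_RE = re.compile(r"^[a-zA-Z0-9+=,.@_-]{1,64}$")

REQUIRED = {
    "entity_type": {"type": str, "enum": {"user", "role", "group", "policy"}},
    "entity_name": {"type": str, "regex": ENTITY_NAME_RE},
    "action": {"type": str, "enum": {"create", "update", "delete", "attach"}},
}
OPTIONAL = {
    "path": {"type": str, "default": "/"},
    "max_session_duration": {"type": int, "default": 3600},
    "permissions_boundary": {"type": (str, type(None)), "default": None},
    "tags": {"type": dict, "default": {}},
}


def validate_params(params):
    """Check `params` against the tables; return (normalised_params, errors).

    Defaults are filled in for missing optional parameters; errors is empty
    when the request is well formed."""
    out, errors = {}, []

    for name, spec in REQUIRED.items():
        if name not in params:
            errors.append(f"{name}: required")
            continue
        value = params[name]
        if not isinstance(value, spec["type"]):
            errors.append(f"{name}: expected {spec['type'].__name__}")
            continue
        if "enum" in spec and value not in spec["enum"]:
            errors.append(f"{name}: must be one of {sorted(spec['enum'])}")
        if "regex" in spec and not spec["regex"].match(value):
            errors.append(f"{name}: does not match {spec['regex'].pattern}")
        out[name] = value

    for name, spec in OPTIONAL.items():
        value = params.get(name, spec["default"])
        if not isinstance(value, spec["type"]):
            errors.append(f"{name}: wrong type")
            continue
        out[name] = value

    for name in sorted(set(params) - set(REQUIRED) - set(OPTIONAL)):
        errors.append(f"{name}: unknown parameter")

    # Cross-field rules taken from IAM's own limits (not from the tables):
    # paths start and end with '/', role sessions last 1-12 hours,
    # a permissions boundary is a managed-policy ARN.
    path = out.get("path")
    if isinstance(path, str) and not (path.startswith("/") and path.endswith("/")):
        errors.append("path: must begin and end with '/'")
    duration = out.get("max_session_duration")
    if out.get("entity_type") == "role" and isinstance(duration, int) and not 3600 <= duration <= 43200:
        errors.append("max_session_duration: roles allow 3600-43200 seconds")
    boundary = out.get("permissions_boundary")
    if isinstance(boundary, str) and not (boundary.startswith("arn:") and ":policy/" in boundary):
        errors.append("permissions_boundary: must be an IAM policy ARN")

    return out, errors
```

Running the validator before any aws iam call turns the EntityAlreadyExists / MalformedPolicyDocument class of round-trips into local errors; the regex check in particular catches names the IAM API would reject with a ValidationError.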

Implementation

Create IAM User

# Create the user (console sign-in additionally requires a login profile)
aws iam create-user --user-name "$USERNAME" --path /developers/

# Create access keys (long-term credentials; prefer roles where possible)
aws iam create-access-key --user-name "$USERNAME"

# Attach managed policy
aws iam attach-user-policy \
  --user-name "$USERNAME" \
  --policy-arn arn:aws:iam::aws:policy/PowerUserAccess

Create IAM Role

# Create role with trust policy (7200 s = 2 h session cap; IAM allows 3600-43200)
aws iam create-role \
  --role-name "$ROLE_NAME" \
  --assume-role-policy-document file://trust-policy.json \
  --max-session-duration 7200

# Attach policy
aws iam attach-role-policy \
  --role-name "$ROLE_NAME" \
  --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

Trust Policy Example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }
  ]
}

Retry Logic

import time

import boto3

iam = boto3.client("iam")


def iam_operation_with_retry(operation, max_retries=3):
    """Run `operation` (a zero-argument callable) and back off exponentially on IAM limit errors."""
    for attempt in range(max_retries):
        try:
            return operation()
        except iam.exceptions.LimitExceededException:
            time.sleep(2 ** attempt)  # 1 s, 2 s, 4 s between attempts
    raise RuntimeError("Max retries exceeded")

Troubleshooting

Common Issues

Symptom                 | Cause             | Solution
----------------------- | ----------------- | ---------------------------------
EntityAlreadyExists     | Duplicate name    | Use unique name or update
MalformedPolicyDocument | Invalid JSON      | Validate policy syntax
LimitExceeded           | Too many entities | Delete unused or request increase

Debug Checklist

  • Policy JSON valid?
  • Trust relationship allows assumed principal?
  • Path matches organization standards?
  • MFA configured for privileged users?
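The first two checklist items ("Policy JSON valid?" and "Trust relationship allows assumed principal?") and the MalformedPolicyDocument row above can be answered locally before calling create-role. The following is an added example for this page, not code from the skill: it parses the trust policy shown in the Implementation section, answers whether a named principal is trusted (exact match on service name or principal ARN; Condition blocks are not evaluated), and lists review findings such as a wildcard Principal. The function names load_trust_policy, trusts and trust_findings are this example's own.

```python
import json

# The trust policy from the example above, reused as test input in the string
# form the CLI reads from file://trust-policy.json.
TRUST_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }
  ]
}"""


def _as_list(value):
    """IAM accepts a single string or a list for Action/Principal values; normalise to a list."""
    return value if isinstance(value, list) else [value]


def load_trust_policy(text):
    """Parse a trust policy. Returns (policy, None) or (None, reason) for the
    kinds of input IAM rejects with MalformedPolicyDocument."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, f"invalid JSON: {exc.msg} at line {exc.lineno}"
    if not isinstance(policy, dict):
        return None, "policy must be a JSON object"
    if policy.get("Version") != "2012-10-17":
        return None, 'Version should be "2012-10-17"; the older 2008-10-17 lacks policy-variable support'
    statements = _as_list(policy.get("Statement", []))
    if not statements:
        return None, "Statement must contain at least one statement"
    for stmt in statements:
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            return None, "each statement needs Effect Allow or Deny"
        if "Principal" not in stmt or "Action" not in stmt:
            return None, "each trust statement needs Principal and Action"
    policy["Statement"] = statements
    return policy, None


def principals_of(stmt):
    """Flatten Principal into (kind, value) pairs; a bare "*" trusts any principal."""
    principal = stmt["Principal"]
    if principal == "*":
        return [("*", "*")]
    return [(kind, v) for kind, vals in principal.items() for v in _as_list(vals)]


def _matches(stmt, principal):
    """Does this statement name `principal` and an action that covers sts:AssumeRole?"""
    if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt["Action"])):
        return False
    return any(v in ("*", principal) for _, v in principals_of(stmt))


def trusts(policy, principal):
    """True if `principal` (a service name such as ec2.amazonaws.com, or an exact
    AWS principal ARN) may assume the role: an explicit Deny wins over any Allow."""
    stmts = policy["Statement"]
    if any(s["Effect"] == "Deny" and _matches(s, principal) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, principal) for s in stmts)


def trust_findings(policy):
    """Review findings a defender would raise before attaching this trust policy."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        pairs = principals_of(stmt)
        if any(v == "*" for _, v in pairs):
            findings.append(f"statement {i}: wildcard Principal lets any identity assume the role")
        if any(a in ("sts:*", "*") for a in _as_list(stmt["Action"])):
            findings.append(f"statement {i}: Action broader than sts:AssumeRole")
        if any(kind == "AWS" for kind, _ in pairs) and "Condition" not in stmt:
            findings.append(f"statement {i}: AWS principal trusted without a Condition (sts:ExternalId or MFA)")
    return findings
```

Because the checker only does exact principal matching, an account-root principal (arn:aws:iam::123456789012:root) is reported as trusting that literal ARN, not every identity in the account; treat a match there as "the account is trusted" and review the account's own policies separately.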

Security Best Practices

  1. Least Privilege: Grant minimum required permissions
  2. Use Roles: Prefer roles over long-term credentials
  3. MFA Required: Enforce MFA for console access
  4. No Root Usage: Never use root for daily operations
  5. Regular Rotation: Rotate access keys every 90 days
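Items 3 and 5 of the list (MFA for console users, 90-day key rotation) are the ones that drift silently, so they are worth auditing rather than trusting. The block below is an added example for this page, not the skill's code: it runs the two checks over a constructed inventory whose record shape is modelled on boto3's list_access_keys output, with HasConsoleAccess and MfaDevices as this example's own pre-computed summary fields (in a real audit they would come from get_login_profile and list_mfa_devices). The reference time NOW and the key ids are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation interval from the best-practices list
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time for the sample data

# Constructed inventory. AccessKeys entries follow boto3 list_access_keys;
# HasConsoleAccess/MfaDevices are this example's own summary fields.
USERS = [
    {"UserName": "alice", "HasConsoleAccess": True, "MfaDevices": 1,
     "AccessKeys": [{"AccessKeyId": "AKIAEXAMPLE0000001", "Status": "Active",
                     "CreateDate": NOW - timedelta(days=10)}]},
    {"UserName": "bob", "HasConsoleAccess": True, "MfaDevices": 0,
     "AccessKeys": [{"AccessKeyId": "AKIAEXAMPLE0000002", "Status": "Active",
                     "CreateDate": NOW - timedelta(days=120)}]},
    {"UserName": "ci-deploy", "HasConsoleAccess": False, "MfaDevices": 0,
     "AccessKeys": [{"AccessKeyId": "AKIAEXAMPLE0000003", "Status": "Inactive",
                     "CreateDate": NOW - timedelta(days=400)},
                    {"AccessKeyId": "AKIAEXAMPLE0000004", "Status": "Active",
                     "CreateDate": NOW - timedelta(days=91)}]},
]


def audit_users(users, now=NOW, max_age=MAX_KEY_AGE):
    """Return (user, finding) pairs for console users without MFA, users holding
    more than one active key, and active keys older than `max_age`."""
    findings = []
    for user in users:
        name = user["UserName"]
        if user["HasConsoleAccess"] and user["MfaDevices"] == 0:
            findings.append((name, "console access without MFA"))
        active = [k for k in user["AccessKeys"] if k["Status"] == "Active"]
        if len(active) > 1:
            findings.append((name, "more than one active access key"))
        for key in active:
            age = now - key["CreateDate"]
            if age > max_age:
                findings.append((name, f"{key['AccessKeyId']} is {age.days} days old; rotate"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_users(USERS):
        print(f"{user}: {finding}")
```

Inactive keys are skipped on purpose: the rotation step (create new key, deploy it, deactivate old, verify, delete) leaves the old key Inactive for a while, and flagging it would only produce noise.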

Test Template

import json
import uuid
import boto3

iam = boto3.client("iam")
# Trust policy used by the test (same as the example above: EC2 may assume the role)
trust_policy = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

def create_iam_role(role_name, trust_policy):
    return iam.create_role(RoleName=role_name, AssumeRolePolicyDocument=json.dumps(trust_policy))["Role"]

def delete_iam_role(role_name):
    iam.delete_role(RoleName=role_name)

def test_iam_role_creation():
    # Arrange
    role_name = "test-role-" + str(uuid.uuid4())[:8]
    # Act
    role = create_iam_role(role_name, trust_policy)
    try:
        # Assert
        assert role["Arn"].endswith(role_name)
    finally:
        # Cleanup (in finally, so a failed assertion does not leave the role behind)
        delete_iam_role(role_name)

Assets

  • assets/iam-policies.yaml
    - Common policy templates

References