Engineering

iam

AWS IAM expertise for managing users, roles, policies, and permissions. Use for creating policies, cross-account access, service roles, and troubleshooting access issues.

Introduction

This skill provides comprehensive support for AWS Identity and Access Management (IAM), serving as an essential tool for cloud engineers and developers who need to secure AWS infrastructure. It acts as a specialized assistant for defining granular security controls, automating user lifecycle management, and implementing the principle of least privilege across complex multi-account environments. Whether you are building serverless applications, managing Kubernetes clusters, or orchestrating data pipelines, this skill assists in writing robust JSON-based IAM policies, troubleshooting AccessDenied exceptions, and architecting secure cross-account role assumption workflows.

  • Expert generation of identity-based policies, resource-based policies, permission boundaries, and Service Control Policies (SCPs).

  • Guidance on configuring IAM roles, trust relationships, and temporary security token workflows via STS (Security Token Service).

  • Troubleshooting assistance for AWS CLI and SDK (boto3) errors, including policy evaluation logic and condition key validation.

  • Security best practice implementation, such as enforcing multi-factor authentication (MFA), credential rotation strategies, and IAM Access Analyzer utilization.

  • Support for advanced authentication patterns like federated access, OIDC, and integrating with IAM Identity Center for enterprise SSO.

  • Users should provide context such as the target AWS service, the required access scope, and the principal (user or service) involved.

  • Expected outputs include ready-to-use JSON policy documents, CLI commands for role creation/attachment, and step-by-step diagnostic procedures for permission debugging.

  • Constraints: Always favor least-privilege principles and avoid hard-coded credentials. The skill is designed for both automated infrastructure-as-code environments and manual CLI-driven operations.

  • Highly recommended for users managing DynamoDB, S3, Lambda, or EKS resources where fine-grained access control is critical to system stability.

Repository Stats

Stars: 1,079
Forks: 437
Open Issues: 15
Language: Python
Default Branch: main
Sync Status: Idle
Last Synced: Apr 28, 2026, 11:08 AM