IAM policy review, hardening, and least privilege implementation
Install with Tessl CLI
npx tessl i github:boisenoise/skills-collections --skill aws-iam-best-practices
Overall score: 61%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery: 33%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear domain (IAM policies) and lists relevant capabilities, but lacks explicit trigger guidance for when to use the skill. It uses appropriate third-person voice but would benefit from more concrete actions and natural user keywords to improve discoverability among competing skills.
Suggestions
Add a 'Use when...' clause with explicit triggers like 'Use when reviewing AWS IAM policies, analyzing permissions, or implementing least privilege access controls'
Include more natural trigger terms users would say: 'permissions', 'access control', 'AWS roles', 'security policies', 'overprivileged'
Make actions more concrete: 'Analyzes IAM policy statements, identifies overprivileged permissions, recommends minimal access policies'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (IAM policy) and lists three actions (review, hardening, least privilege implementation), but these are somewhat abstract rather than concrete, specific actions like 'analyze policy statements' or 'remove unused permissions'. | 2 / 3 |
| Completeness | Only addresses 'what' (IAM policy work) but completely lacks any 'Use when...' clause or explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
| Trigger Term Quality | Includes relevant terms like 'IAM policy', 'hardening', and 'least privilege' that users might say, but misses common variations like 'permissions', 'access control', 'AWS IAM', 'security policy', or 'role permissions'. | 2 / 3 |
| Distinctiveness / Conflict Risk | IAM policy is a specific domain that distinguishes it from general security skills, but could overlap with broader cloud security or AWS configuration skills without clearer boundaries. | 2 / 3 |
| Total | | 7 / 12 Passed |
Implementation: 65%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable IAM security skill with excellent executable code examples and comprehensive policy templates. However, it's overly long with some redundant explanatory content, and the workflow for destructive operations like key rotation lacks explicit validation checkpoints. The content would benefit from splitting detailed scripts into separate files.
Suggestions
Add explicit validation steps for key rotation workflow (e.g., 'Verify new key works: aws sts get-caller-identity --profile newkey' before deactivating old key)
Remove or condense the 'Core Principles' and 'When to Use' sections - Claude knows IAM security concepts
Split the Python hardening script and detailed bash scripts into separate reference files, keeping only quick examples in the main skill
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some unnecessary sections like 'When to Use' and 'Example Prompts' that don't add value. The 'Core Principles' section explains concepts Claude already knows about IAM security. | 2 / 3 |
| Actionability | Excellent executable code throughout: bash scripts for finding overly permissive policies, MFA checks, access key management, and a complete Python hardening script. JSON policy templates are copy-paste ready. | 3 / 3 |
| Workflow Clarity | The hardening checklist provides good structure, but multi-step processes like key rotation lack explicit validation checkpoints. The 'deactivate old key (test first)' comment is vague; there is no concrete validation step before deletion. | 2 / 3 |
| Progressive Disclosure | Content is well-organized with clear sections, but the skill is monolithic (~300 lines) with detailed scripts that could be split into separate reference files. External links are provided but internal progressive disclosure is missing. | 2 / 3 |
| Total | | 9 / 12 Passed |
Validation: 91%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |