aws-cloudformation-iam
AWS CloudFormation patterns for IAM users, roles, policies, and managed policies. Use when creating IAM resources with CloudFormation, implementing least privilege access, configuring cross-account access, setting up identity centers, managing permissions boundaries, and organizing template structure with Parameters, Outputs, Mappings, Conditions for secure infrastructure deployments.
Install with Tessl CLI
npx tessl i github:giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-iam83
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, uses natural AWS/CloudFormation terminology that practitioners would use, includes an explicit 'Use when...' clause with comprehensive trigger scenarios, and carves out a distinct niche at the intersection of CloudFormation and IAM.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'IAM users, roles, policies, and managed policies', 'implementing least privilege access', 'configuring cross-account access', 'setting up identity centers', 'managing permissions boundaries', and 'organizing template structure with Parameters, Outputs, Mappings, Conditions'. | 3 / 3 |
Completeness | Clearly answers both what ('AWS CloudFormation patterns for IAM users, roles, policies, and managed policies') and when ('Use when creating IAM resources with CloudFormation, implementing least privilege access, configuring cross-account access...') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'AWS', 'CloudFormation', 'IAM', 'users', 'roles', 'policies', 'least privilege', 'cross-account access', 'identity centers', 'permissions boundaries', 'Parameters', 'Outputs', 'Mappings', 'Conditions'. These are terms AWS practitioners naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Very clear niche combining AWS CloudFormation specifically with IAM resources. The combination of 'CloudFormation' + 'IAM' + specific IAM concepts creates a distinct trigger profile unlikely to conflict with general AWS skills or general IAM skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides comprehensive, actionable CloudFormation templates for IAM resources with excellent code examples. However, it suffers from verbosity—many patterns could be condensed since Claude understands AWS IAM fundamentals. The skill would benefit from explicit validation workflows for deploying and testing IAM changes, particularly given the security-critical nature of IAM resources.
Suggestions
Add explicit validation workflow: 'aws cloudformation validate-template' before deploy, test role assumption after creation, verify policy effectiveness with IAM Policy Simulator
Condense the content by removing explanatory text Claude already knows (e.g., 'Permission boundaries limit maximum permissions') and focus on the unique patterns and gotchas
Add a troubleshooting section for common IAM CloudFormation errors (circular dependencies, capability requirements, drift remediation steps)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is comprehensive but overly verbose for Claude's capabilities. Many sections explain standard AWS concepts and include extensive boilerplate that Claude already knows. The 1000+ lines could be significantly condensed while preserving actionable content. | 2 / 3 |
Actionability | Excellent actionability with fully executable CloudFormation YAML templates throughout. Every pattern includes copy-paste ready code with proper resource definitions, policies, and configurations. CLI commands are also provided for stack management operations. | 3 / 3 |
Workflow Clarity | While individual templates are clear, the skill lacks explicit validation workflows for IAM deployments. Missing are validation checkpoints like 'validate template before deploy', 'test role assumptions after creation', or error recovery steps for failed stack updates. | 2 / 3 |
Progressive Disclosure | Good structure with clear section headers and appropriate references to REFERENCE.md and EXAMPLES.md for additional details. Content is organized logically from basic templates to advanced patterns like SCPs and Identity Center. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
62%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (1572 lines); consider splitting into references/ and linking | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 10 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.