iam

AWS Identity and Access Management for users, roles, policies, and permissions. Use when creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, or managing access control.

86

1.04x
Quality: 82% (Does it follow best practices?)

Impact: 94%, 1.04x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues


Evaluation results

90%

10%

Third-Party Security Audit Access

Cross-account role with External ID

| Criteria | Without context | With context |
| --- | --- | --- |
| ExternalId present | 100% | 100% |
| ExternalId uses StringEquals | 100% | 100% |
| Correct principal account | 100% | 100% |
| sts:AssumeRole action | 100% | 100% |
| Read-only permissions | 100% | 100% |
| Scoped resources | 0% | 0% |
| No wildcard actions | 50% | 100% |
| No-pager CLI flag | 0% | 100% |
| Policy Version field | 100% | 100% |
| Confused deputy explanation | 100% | 100% |
| Roles over keys | 100% | 100% |

92%

Microservices IAM Roles for Order Processing Platform

Least-privilege service roles with permission boundaries

| Criteria | Without context | With context |
| --- | --- | --- |
| Three separate roles | 100% | 100% |
| Lambda service principal | 100% | 100% |
| Trust policy conditions | 0% | 0% |
| Ingestor SQS scoped | 100% | 100% |
| Processor secrets scoped | 100% | 100% |
| Report generator S3 scoped | 100% | 100% |
| No cross-function access | 100% | 100% |
| Permission boundary created | 100% | 100% |
| Boundary blocks IAM | 100% | 100% |
| No wildcard actions | 100% | 100% |
| Lambda logging access | 100% | 100% |
| No-pager in script | 100% | 100% |
| Policy Version 2012-10-17 | 100% | 100% |

100%

Self-Service EC2 Management for Multi-Team Engineering Organization

ABAC tag-based policies with MFA enforcement

| Criteria | Without context | With context |
| --- | --- | --- |
| ABAC tag matching | 100% | 100% |
| No hard-coded instance ARNs | 100% | 100% |
| MFA condition for prod | 100% | 100% |
| BoolIfExists for MFA | 100% | 100% |
| Explicit Deny on key pairs | 100% | 100% |
| ec2:Describe always allowed | 100% | 100% |
| Tag-based team isolation | 100% | 100% |
| Policy Version field | 100% | 100% |
| Scalability explanation | 100% | 100% |
| Explicit deny rationale | 100% | 100% |

Repository: itsmostafa/aws-agent-skills

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6
