{"id":50861261,"url":"https://github.com/cooco119/aws-iam-safe-agent-skill","last_synced_at":"2026-06-14T21:35:29.735Z","repository":{"id":360570648,"uuid":"1250760938","full_name":"cooco119/aws-iam-safe-agent-skill","owner":"cooco119","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-27T01:10:17.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-27T02:19:42.821Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cooco119.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-27T00:17:53.000Z","updated_at":"2026-05-27T01:10:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cooco119/aws-iam-safe-agent-skill","commit_stats":null,"previous_names":["cooco119/aws-iam-safe-agent-skill"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/cooco119/aws-iam-safe-agent-skill","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cooco119%2Faws-iam-safe-agent-skill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cooco119%2Faws-iam-safe-agent-skill/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cooco119%2Faws-iam-safe-agent-skill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cooco119%2Faws-iam-safe-agent-skill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cooco119","download_url":"https://codeload.github.com/cooco119/aws-iam-safe-agent-skill/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cooco119%2Faws-iam-safe-agent-skill/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34339195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-14T02:00:07.365Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-14T21:35:29.057Z","updated_at":"2026-06-14T21:35:29.730Z","avatar_url":"https://github.com/cooco119.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-iam-safe-agent-skill\n\nA reusable skill + Terraform template for giving AI agents AWS access **without**\nhanding them the keys to your account.\n\n\u003e If your plan is \"create an IAM User, attach `AdministratorAccess`, and paste the\n\u003e access key into the agent's `.env`\", stop. That is how databases get dropped\n\u003e overnight. This repo is the fix.\n\n---\n\n## Why this exists\n\nAI agents — Hermes, OpenClaw, LangGraph, CrewAI, your own boto3 loop, doesn't\nmatter — fail differently than humans. They retry forever. They hallucinate\nresources. They run while you sleep. They share their environment variables\nwith whoever prompt-injects them. A permanent IAM access key bolted to a\npermissive user turns each of those failure modes into an unbounded incident.\n\nThis skill replaces that pattern with **STS AssumeRole + MFA**:\n\n1. The agent's IAM User has **only** `sts:AssumeRole` on an explicit list of role ARNs.\n2. Each role is **purpose-scoped** (one task = one role), leased for **15 minutes**\n   via the AssumeRole `DurationSeconds` (the role ceiling is AWS's 3600s minimum),\n   and **MFA-gated** in its trust policy.\n3. When the agent wants to act, it asks for approval, a human taps MFA, and the\n   agent gets 15-minute credentials for one role.\n4. Blast radius if anything goes wrong: **15 minutes × one role's scope**.\n\n---\n\n## Direct-attach vs. Role Assume\n\n| | IAM User direct-attach | Role Assume + MFA (this skill) |\n|---|---|---|\n| Token lifetime | Permanent | 15 minutes |\n| Permission scope | Always-on, broad | Per-task, narrow |\n| Human in the loop | None | MFA on every assume |\n| Blast radius on compromise | Account-wide, indefinite | One role, 15 minutes |\n| Auditability | Coarse | Per-assume in CloudTrail with reason |\n| Secret rotation | Manual | Automatic (expiry) |\n\n---\n\n## Repo layout\n\n```\naws-iam-safe-agent-skill/\n├── SKILL.md                    ← The skill. Read this first.\n├── README.md                   ← You are here.\n├── LICENSE                     ← MIT.\n├── .gitignore\n├── templates/\n│   └── iam_roles.tf            ← Terraform: 1 IAM User + 4 reference roles.\n└── references/\n    └── assume_snippet.py       ← boto3 STS AssumeRole helper for the agent.\n```\n\n`SKILL.md` is the canonical document — design rules, agent system prompt block,\npre-deploy checklist. `templates/` and `references/` are the artifacts you\nactually wire into your stack.\n\n---\n\n## Quickstart (Terraform)\n\nPrereqs: Terraform \u003e= 1.5, AWS credentials with IAM admin (for the apply only).\n\n```bash\ncd templates/\n\ncat \u003e terraform.tfvars \u003c\u003c'EOF'\nagent_name    = \"hermes\"\nenv           = \"dev\"\naccount_id    = \"123456789012\"\nregion        = \"ap-northeast-2\"\ndeploy_bucket = \"hermes-dev-deploy\"\nEOF\n\nterraform init\nterraform plan       # review every resource. especially the Trust Policies.\nterraform apply\n```\n\nOutputs:\n\n- `agent_user_arn` — the IAM User. Mint an access key for it out-of-band\n  (`aws iam create-access-key`), store the key in your secret manager, give\n  **only** the agent process access to it.\n- `role_arns` — map of `role_key → role ARN`. Paste this into\n  `references/assume_snippet.py`'s `ROLE_ARNS` (or load it from config).\n\nThen go through the **pre-deploy checklist in `SKILL.md`** before pointing the\nagent at the account. Every box. No exceptions.\n\n---\n\n## Wiring into the agent\n\n1. Drop `references/assume_snippet.py` into your agent's codebase.\n2. Replace `request_approval()` with your real approval channel (Slack\n   interactive message, Telegram bot, CLI prompt for local dev, PagerDuty Custom\n   Action — whatever fits). It must collect a fresh MFA TOTP from a human.\n3. Forbid all other paths to AWS. The agent must not construct boto3 clients\n   from raw env vars; every client is built from `assume(...)`'s return value.\n4. Paste the \"Agent System Prompt block\" from `SKILL.md` into the agent's\n   system prompt verbatim.\n\n---\n\n## Running on EC2 / ECS / Lambda?\n\nDon't use an IAM User at all. Use the platform's native identity (Instance\nProfile / Task Role / Lambda Execution Role / IRSA) as the *base* identity,\nand keep only the **per-task purpose-scoped roles** half of this design.\nSee the closing note in `SKILL.md`.\n\n---\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n\nAuthor: Kyle Lee \u0026lt;markman0510@gmail.com\u0026gt;\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcooco119%2Faws-iam-safe-agent-skill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcooco119%2Faws-iam-safe-agent-skill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcooco119%2Faws-iam-safe-agent-skill/lists"}