
Watadot Aws Iam

by ordiy · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
265 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install watadot-aws-iam
Description
IAM security patterns by Watadot Studio. Manage users, roles, and policy verification.
README (SKILL.md)

AWS IAM Skills

Security-first identity and access management patterns.

🚀 Core Commands

Identity Audit

# List all users with ARN and creation date
aws iam list-users --query "Users[].{User:UserName,Arn:Arn,Date:CreateDate}" --output table

# Find unused access keys (90+ days)
aws iam list-users --query "Users[].UserName" --output text | xargs -I {} aws iam list-access-keys --user-name {} --query "AccessKeyMetadata[?Status==\`Active\` && CreateDate < \`2025-12-31\`]"

Role Orchestration

# Assume a role and get temporary credentials
aws sts assume-role --role-arn <role-arn> --role-session-name "OpenClawSession"

# List policies attached to a specific role
aws iam list-attached-role-policies --role-name <role-name> --query "AttachedPolicies[].PolicyName"

Policy Verification

# Get effective policy document
aws iam get-policy-version --policy-arn <arn> --version-id <id> --query "PolicyVersion.Document"

🧠 Best Practices

  1. Never use Root: Use IAM users or SSO roles for daily operations.
  2. Short-lived Credentials: Prefer sts assume-role over permanent access keys.
  3. MFA Enforcement: Enable Multi-Factor Authentication for all console and sensitive CLI access.
  4. Access Analyzer: Regularly run IAM Access Analyzer to find unintended public or cross-account access.
Usage Guidance
This skill is coherent and appears to do what it says: run aws CLI IAM checks. Before using it: (1) ensure the aws CLI is installed and configured with appropriate, least-privilege credentials (prefer read-only/IAM-read policies for audits); (2) review and adjust the example filters (the access-key check uses a hard-coded 2025-12-31 date — replace with a proper relative date or use aws iam get-access-key-last-used for accuracy); (3) when using sts assume-role, handle temporary credentials securely (don't persist them in logs or public places); (4) run commands in a non-production account or with limited permissions first to confirm behavior; (5) remember that outputs will reflect what the AWS credentials used can access — do not run these commands from an account you don't trust. Overall there are no unexplained env or network requirements and no install-time code, so the risk surface is limited to whatever your configured AWS credentials permit.
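The difference between the fixed-date filter and a last-used check, as an added example that is not part of the skill or its README. It assumes the JSON shapes returned by `aws iam list-access-keys` and `aws iam get-access-key-last-used`; the users, key IDs, dates and the reference time `NOW` are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    # AWS CLI v1 prints a trailing "Z", v2 prints "+00:00"; accept both.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def created_before(keys, day):
    """The README's filter: Active keys created before a fixed date."""
    limit = parse_ts(day + "T00:00:00+00:00")
    return [k["AccessKeyId"] for k in keys
            if k["Status"] == "Active" and parse_ts(k["CreateDate"]) < limit]

def stale_keys(keys, last_used, now, max_idle_days=90):
    """Active keys idle longer than max_idle_days; never-used keys age from CreateDate."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for k in keys:
        if k["Status"] != "Active":
            continue
        used = last_used.get(k["AccessKeyId"], {}).get("AccessKeyLastUsed", {})
        stamp = used.get("LastUsedDate")  # absent when the key was never used
        if parse_ts(stamp or k["CreateDate"]) < cutoff:
            reason = "idle" if stamp else "never used"
            findings.append((k["UserName"], k["AccessKeyId"], reason))
    return findings

# Constructed sample data (AccessKeyMetadata entries merged across users).
KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEALICE", "Status": "Active", "CreateDate": "2023-01-10T09:00:00+00:00"},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLEBOB", "Status": "Active", "CreateDate": "2024-06-01T09:00:00+00:00"},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLECAROL", "Status": "Active", "CreateDate": "2025-10-15T09:00:00+00:00"},
    {"UserName": "dave", "AccessKeyId": "AKIAEXAMPLEDAVE", "Status": "Active", "CreateDate": "2026-02-15T09:00:00+00:00"},
    {"UserName": "erin", "AccessKeyId": "AKIAEXAMPLEERIN", "Status": "Inactive", "CreateDate": "2022-03-01T09:00:00+00:00"},
]
# Constructed get-access-key-last-used responses, keyed by access key ID.
LAST_USED = {
    "AKIAEXAMPLEALICE": {"UserName": "alice", "AccessKeyLastUsed": {"LastUsedDate": "2026-02-20T08:30:00+00:00", "ServiceName": "s3", "Region": "us-east-1"}},
    "AKIAEXAMPLEBOB": {"UserName": "bob", "AccessKeyLastUsed": {"LastUsedDate": "2025-08-01T12:00:00Z", "ServiceName": "ec2", "Region": "eu-west-1"}},
    "AKIAEXAMPLECAROL": {"UserName": "carol", "AccessKeyLastUsed": {"ServiceName": "N/A", "Region": "N/A"}},
}
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)  # constructed reference time

if __name__ == "__main__":
    print("fixed-date filter:", created_before(KEYS, "2025-12-31"))
    for row in stale_keys(KEYS, LAST_USED, NOW):
        print("stale:", row)
```

On this sample the fixed-date filter flags alice's key, which is old but in regular use, while the last-used check reports only bob's idle key and carol's never-used one.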
Capability Analysis
Type: OpenClaw Skill Name: watadot-aws-iam Version: 1.0.0 The skill bundle contains standard AWS CLI commands for IAM auditing and management, such as listing users, checking access key ages, and assuming roles. The instructions in SKILL.md align with security best practices and do not exhibit any signs of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description: IAM management. Declared requirement: aws CLI. No unrelated credentials, binaries, or install steps. The aws CLI is an appropriate and expected dependency for this purpose.
Instruction Scope
SKILL.md contains concrete aws CLI commands for listing users, checking access keys, assuming roles, and fetching policy documents — all within IAM scope. Two minor notes: (1) the 'find unused access keys' example uses a hard-coded date (2025-12-31), which is likely a copy/paste or stale example and can produce incorrect results; (2) the assume-role command returns temporary credentials — the instructions do not say how to handle or store them, so an operator should ensure they are handled securely. Otherwise the instructions do not reference unrelated files, env vars, or external endpoints.
Install Mechanism
Instruction-only skill with no install spec. This is low risk because nothing is downloaded or written by the skill itself.
Credentials
No required environment variables or credentials are declared. The skill relies on the operator's configured AWS credentials (as expected for aws CLI usage). No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install watadot-aws-iam
  3. After installation, invoke the skill by name or use /watadot-aws-iam
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of watadot-aws-iam.
- Provides IAM security patterns for managing AWS users, roles, and policy verification.
- Includes audit commands for users and access keys, role orchestration, and policy inspection.
- Documents security best practices, including MFA enforcement and use of Access Analyzer.
Metadata
Slug watadot-aws-iam
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Watadot Aws Iam?

IAM security patterns by Watadot Studio. Manage users, roles, and policy verification. It is an AI Agent Skill for Claude Code / OpenClaw, with 265 downloads so far.

How do I install Watadot Aws Iam?

Run "/install watadot-aws-iam" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Watadot Aws Iam free?

Yes, Watadot Aws Iam is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Watadot Aws Iam support?

Watadot Aws Iam is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Watadot Aws Iam?

It is built and maintained by ordiy (@ordiy); the current version is v1.0.0.
