AWS IAM — Common Pitfalls

Trust Score 90/100

Verified corrections and edge-case guidance for AWS IAM, STS, Organizations, SAML, and policy evaluation to avoid common authorization mistakes.

triggers:iamassume-roleiam:passrolepolicy evaluationstssamlorganizationsmfa

GitHub SKILL.md

What it does

This skill collects verified corrections and practical guidance for AWS Identity and Access Management (IAM) and related services (STS, Organizations, SAML, MFA). It helps agents answer IAM questions accurately by calling out common pitfalls, policy-evaluation quirks, service-specific trust requirements, and SDK/console behaviour that often mislead automated agents.

When to use it

Use this skill when diagnosing or authoring IAM policies, troubleshooting AssumeRole/ST S interactions, building cross-account trust, handling SAML/OIDC setups, or explaining privilege-escalation risks tied to iam:PassRole. Also useful when precise SDK/CLI behaviours, CloudTrail logging locations, or managed policy limits matter.

What's included

Scripts: None included in the skill directory (has_scripts=false).
References: None packaged with the skill file (has_references=false), but the body links to official AWS docs for authoritative checks.
Instructions: Concrete edge-case guidance covering CloudTrail logging nuances, STS/getSessionToken limits, Organizations removal/close semantics, policy-evaluation examples (ForAllValues + Null), MFA behaviours, SigV4 notes, and service-specific trust principals. Practical warnings about iam:PassRole escalation are provided.

Compatible agents

Inferred compatible agents: Copilot/Codex-style assistants and automation tooling that can call AWS docs or SDKs (e.g., Copilot, Claude Code, GPT-based code assistants).

Audit Summary

AWS IAM common pitfalls reference skill from the official AWS agent toolkit. Pure knowledge-based skill with no scripts — contains verified corrections for IAM edge cases that AI agents frequently get wrong. Well-structured with clear sections for CloudTrail, STS, Organizations, SAML, policy evaluation, MFA, and SigV4. No security concerns; purely informational content with no executable code, network calls, or data exfiltration risks.

Watch Out

Pure reference skill with no scripts or automation — usefulness depends on agent needing IAM-specific guidance
Scope limited to IAM/STS/Organizations/SAML; explicitly not for Cognito or app-level RBAC

Notes

High-quality reference content from the official AWS agent-toolkit repo. No scripts, no security issues. Architecture follows the skill spec with proper frontmatter and clear scope delineation. Useful for developers working with AWS IAM but niche audience — only relevant when IAM-specific questions arise.

Information

Repository: agent-toolkit-for-aws
Stars: 870
Installs: 0

Trust Score

Overall90

Security100

Code Quality82

Architecture78

Usefulness68

More from agent-toolkit-for-aws

AWS IAM — Common Pitfalls

Verified guidance on AWS IAM edge-cases, pitfalls, and gotchas for agents working with roles, policies, STS, Organizations, and SAML/MFA.

AWS Billing & Cost Management

Domain knowledge and safe workflows for analyzing AWS costs, running cost audits, right-sizing resources, evaluating Savings Plans/Reserved Instances, and query

Related Skills

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Spring Boot Migration

Guided, phased migration for existing Spring Boot apps to Boot 4 / Java 25 (including Modulith 2 and Testcontainers 2), with scanners and reference guides.

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

ArcKit Architecture Conformance

Run a systematic architecture conformance assessment that compares ADRs and principles against HLD/DLD artifacts to surface drift, violations, and technical deb

Speak Security Basics

Security best practices for integrating Speak: API key management, audio data privacy, student data protection, and COPPA/FERPA compliance for production deploy

Replit — Advanced Troubleshooting

Step-by-step diagnostics and debugging techniques for deep Replit issues: Nix build failures, container crash loops, memory leaks, and platform vs app isolation

Vercel Common Errors

Diagnose and fix common Vercel build, serverless runtime, and edge/routing errors with step-by-step checks and fixes.

Back to Skills

AWS IAM — Common Pitfalls

Trust Score 90/100

from agent-toolkit-for-aws870

Verified corrections and edge-case guidance for AWS IAM, STS, Organizations, SAML, and policy evaluation to avoid common authorization mistakes.

triggers:iamassume-roleiam:passrolepolicy evaluationstssamlorganizationsmfa

GitHub SKILL.md

What it does

When to use it

What's included

Scripts: None included in the skill directory (has_scripts=false).
References: None packaged with the skill file (has_references=false), but the body links to official AWS docs for authoritative checks.
Instructions: Concrete edge-case guidance covering CloudTrail logging nuances, STS/getSessionToken limits, Organizations removal/close semantics, policy-evaluation examples (ForAllValues + Null), MFA behaviours, SigV4 notes, and service-specific trust principals. Practical warnings about iam:PassRole escalation are provided.

Compatible agents

Inferred compatible agents: Copilot/Codex-style assistants and automation tooling that can call AWS docs or SDKs (e.g., Copilot, Claude Code, GPT-based code assistants).