AWS IAM — Common Pitfalls

What it does

This skill provides concise, verified corrections and edge-case rules for AWS Identity and Access Management (IAM) and related services (STS, Organizations, SAML). It distills gotchas — policy evaluation pitfalls, service-specific trust policy quirks, MFA and SigV4 nuances, and role/pass-role escalation patterns — so agents answer authorization questions more accurately.

When to use it

Use this skill when an agent must: audit or explain IAM policies, diagnose cross-account AssumeRole behavior, reason about STS session limits, construct or validate SAML/OIDC trust relationships, or assess privilege escalation risks involving iam:PassRole. Prefer it as a fact-checking layer alongside official AWS docs.

What's included

• Scripts: none declared in the repo snapshot (has_scripts=false)
• References: none bundled in sibling files (has_references=false)
• Instructions: detailed examples and explicit edge-case notes covering CloudTrail logging, STS restrictions, Organizations removal/closure semantics, policy evaluation (ForAllValues + Null), managed policy version limits, and service-specific trust principals.

Compatible agents

Likely useful to agents with AWS SDK and shell access: Copilot/Code assistants, CLI-based agents, and automation bots that can fetch AWS docs.