Scan cloud IAM policies for over-privileged roles and unused permissions. / 扫描云IAM策略,发现过度权限角色和未使用的权限。
---
name: cloud-iam-auditor
description: "Scan cloud IAM policies for over-privileged roles and unused permissions. / 扫描云IAM策略,发现过度权限角色和未使用的权限。"
version: 1.0.0
topics: [iam,security,auth,cloud-audit,权限管理,安全审计]
metadata:
openclaw:
requires:
bins:
- bash
- curl
emoji: "🔐"
homepage: https://kingai.work/
install: []
---
# 🔐 Cloud IAM Auditor / 云权限审计助手
> Scan cloud IAM policies for over-privileged roles and unused permissions. / 扫描云IAM策略,发现过度权限角色和未使用的权限。
> 🦁 **由 KingAI.Work 出品** — 智能进化|vip@kingai.work
---
## Quick Start / 快速开始
```bash
cloud-iam-auditor audit --provider aws --policy-arn arn:aws:iam::123456789012:policy/my-policy Scans a specific AWS IAM policy and highlights unused actions and risky permissions. / 扫描指定AWS IAM策略,突出显示未使用的操作和风险权限。
```
## Features / 功能
• Analyze IAM policies across major cloud providers and instantly surface over-privileged roles / 跨主流云平台分析IAM策略,立即定位权限过大的角色,降低内部安全风险
• Detect unused permissions by cross-referencing actual user activity logs with granted roles / 对照用户实际活动日志与授予角色,精准识别无效权限,让权限管理更简洁高效
• Generate actionable remediation recommendations with one-click rollback support / 提供可执行的修复建议与一键回滚支持,确保变更安全可控
• Schedule regular policy audits to maintain a least-privilege posture over time / 定时自动审计,持续维持最小权限原则,杜绝权限膨胀
• Export comprehensive compliance reports in multiple formats for SOC 2, ISO 27001 audits / 导出多格式合规报告,轻松应对SOC 2、ISO 27001等审计要求
• Unlock advanced analytics with historical trend tracking and cross-account drift detection (Pro feature) / 解锁历史趋势追踪与跨账号权限漂移检测高级分析(Pro专属能力)
## Common Use Cases / 常见场景
• A startup CTO discovers a service account with admin access to all S3 buckets, but the account only needs read access to one bucket. The tool flags it and suggests a tailored policy. / 初创公司CTO发现某个服务账号拥有全部S3存储桶的管理权限,实际只需读取一个桶。工具自动标记并提出定制策略修复。
• A compliance officer needs to prove least-privilege access for an annual SOC 2 audit. The tool generates a historical audit trail of permission changes and current policy state. / 合规官需证明最小权限原则以满足年度SOC 2审计。工具生成权限变更历史记录与当前策略状态报告。
• A DevOps lead inherits a messy GCP project with hundreds of custom roles. They run a bulk audit, identify 50+ roles with stale permissions, and clean them up in minutes. / DevOps负责人接手混乱GCP项目,数百个自定义角色。批量审计后,几分钟内找到并清理50+个含过期权限的角色。
## Compare / 对比
| | Free | Pro |
|---|:----:|:---:|
| Basic | ✅ | ✅ |
| Advanced | — | ✅ |
| AI | — | ✅ |
| Support | Community | Priority |
• Gain deep historical insights with permission drift detection and trend graphs across all accounts
• 获取跨账号权限漂移检测与趋势图,深度掌握历史权限变更
• Automate remediation workflows that apply least-privilege policies without manual intervention
• 自动化修复工作流,无需手动干预即可应用最小权限策略
• Access priority support and custom rule engines for enterprise compliance needs
• 享受优先支持与自定义规则引擎,满足企业级合规需求\n\n
---
**KingAI.Work** — 智能进化|vip@kingai.work
don't have the plugin yet? install it then click "run inline in claude" again.