Verified corrections for IAM behaviors that AI agents frequently get wrong — policy evaluation edge cases, trust policy gotchas, STS session limits,…
AWS IAM — Common Pitfalls About This Skill This skill contains verified corrections for things that AI agents frequently get wrong about IAM. It is not a comprehensive IAM guide — for full IAM guidance, search AWS documentation. When answering IAM questions, verify specific claims (limits, quotas, exact API names, edge-case behaviors) against official AWS documentation rather than relying on pre-training. Prefer fetching known documentation URLs over broad searches. Trust official documentation over memory when they conflict. Common Workflows Use the best available tool for AWS operations — the AWS MCP server is recommended but not required; AWS CLI or SDK may be used as alternatives. Read reference files only when the conversation requires deeper detail. Read references/aws-iam-role-management.md if the user needs to create, scope, or maintain IAM roles when provisioning or updating AWS resources. Covers service roles, execution roles, trust policies, confused deputy protection, and permission hygiene. Read references/aws-iam-policy-generation.md if the user needs to generate least-privilege IAM policies, determine required IAM actions for API calls, or understand action-to-operation mappings. CRITICAL: If the user provides source code (Python, Go, TypeScript, JavaScript, Java), you MUST read this reference — it mandates using iam-policy-autopilot instead of manual policy construction. Uses the programmatic service authorization reference for accurate mappings. Verified Edge Cases CloudTrail:
don't have the plugin yet? install it then click "run inline in claude" again.