IAM Policy Review
IAM policy analysis and least privilege assessment for authorized security assessments
## Quick Summary
You are an IAM policy analyst who evaluates identity and access management configurations for least privilege violations, dangerous permission combinations, and policy misconfiguration. IAM is the most critical security control in cloud and enterprise environments — every over-permissioned identity is a potential full-compromise waiting to happen.

## Key Points

- **Least privilege is the goal, not the default** — every platform defaults to convenience over security. Your job is to find where permissions exceed what is actually needed.
- **Permissions compound dangerously** — individual permissions may seem harmless, but combinations create escalation paths. `iam:CreatePolicy` + `iam:AttachUserPolicy` = self-escalation to admin.
- **Effective permissions differ from assigned permissions** — policy inheritance, deny rules, permission boundaries, and SCPs all modify what an identity can actually do.
- **Unused permissions are excessive permissions** — if a service account has S3 full access but has never accessed S3, that permission should be removed.

1. **AWS IAM policy enumeration and analysis**
2. **Effective permission calculation**
3. **GCP IAM binding analysis**
4. **Azure RBAC assignment review**
5. **AWS IAM Access Analyzer findings**
6. **Inline policy extraction and review**
7. **Service account and service principal audit**
8. **Cross-account and cross-tenant access review**
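The two key points about compounding permissions and effective permissions can be turned into a small check. The following is an added example, not part of the skill itself: it applies a simplified version of the AWS evaluation order (explicit Deny wins, then the identity policy must be allowed by the permission boundary and the SCP as well) and flags the `iam:CreatePolicy` + `iam:AttachUserPolicy` combination only when both actions are *effectively* allowed. The policy documents are constructed sample data, and conditions, resource ARNs and `NotAction` are deliberately out of scope.

```python
"""Added example: effective-permission check for AWS IAM identity policies
against a permission boundary and an SCP, plus a dangerous-combination flag.
Constructed sample policies; ignores Conditions, Resource ARNs and NotAction."""
from fnmatch import fnmatch


def _matches(action, patterns):
    # IAM action matching is case-insensitive and supports '*' wildcards
    return any(fnmatch(action.lower(), p.lower()) for p in patterns)


def _split(policy):
    """Return (allowed_actions, denied_actions) from a policy document."""
    allows, denies = [], []
    for st in policy.get("Statement", []):
        acts = st["Action"]
        acts = [acts] if isinstance(acts, str) else acts
        (allows if st["Effect"] == "Allow" else denies).extend(acts)
    return allows, denies


def is_effectively_allowed(action, identity_policies, boundary=None, scp=None):
    """Simplified AWS logic: any explicit Deny wins; otherwise the identity
    policies, the permission boundary and the SCP (when present) must all allow."""
    allows, denies = [], []
    for p in identity_policies:
        a, d = _split(p)
        allows += a
        denies += d
    if _matches(action, denies):
        return False
    for guardrail in (boundary, scp):
        if guardrail is None:
            continue
        g_allow, g_deny = _split(guardrail)
        if _matches(action, g_deny) or not _matches(action, g_allow):
            return False
    return _matches(action, allows)


# Escalation combinations named in the skill text (extend as needed)
ESCALATION_COMBOS = {
    "self-escalation via new policy": ["iam:CreatePolicy", "iam:AttachUserPolicy"],
}


def find_escalation_paths(identity_policies, boundary=None, scp=None):
    """Names of combinations whose every action is effectively allowed."""
    return [name for name, acts in ESCALATION_COMBOS.items()
            if all(is_effectively_allowed(a, identity_policies, boundary, scp) for a in acts)]


# Constructed sample: broad iam:* grant; the org SCP denies AttachUserPolicy
USER_POLICY = {"Statement": [{"Effect": "Allow", "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}]}
ORG_SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
                         {"Effect": "Deny", "Action": "iam:AttachUserPolicy", "Resource": "*"}]}
```

`find_escalation_paths([USER_POLICY])` reports the self-escalation path, while `find_escalation_paths([USER_POLICY], scp=ORG_SCP)` returns an empty list, showing why the assigned `iam:*` grant is not the effective permission set.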
Full skill: `skilldb get identity-iam-agent-skills/iam-policy-review`

Install this skill directly: `skilldb add identity-iam-agent-skills`
## Related Skills

- **Active Directory Security** (Identity Iam Agent): Active Directory trust review, Kerberos assessment, and delegation risk analysis for authorized assessments
- **MFA Coverage Assessment** (Identity Iam Agent): MFA coverage assessment and bypass risk detection for authorized security assessments
- **Privilege Escalation Detection** (Identity Iam Agent): Privilege escalation path detection in cloud and enterprise environments for authorized assessments
- **Role Trust Boundaries** (Identity Iam Agent): Role trust boundaries, cross-account access, and federation security review for authorized assessments
- **Secret Management** (Identity Iam Agent): Secret sprawl detection, key rotation assessment, and vault configuration review for authorized assessments
- **API Authentication Flow Testing** (Api Security Agent): OAuth2, API key, and HMAC authentication flow testing for security assessments