Summary
This is a corrections sheet for IAM gotchas that trip up LLMs: policy evaluation edge cases like ForAllValues with empty keys, the eight privilege escalation paths through direct policy manipulation, role chaining session limits, and Organizations quirks like suspended accounts blocking removal for 90 days. It's narrow by design, covering only verified mistakes agents make repeatedly, not general IAM concepts. Use it when you're debugging weird IAM behavior or building tooling that touches roles, STS, or cross-account access. The CloudTrail logging specifics and service-specific trust policy requirements (like Redshift Serverless needing both service principals) are the kind of details you won't remember until they bite you.
Install to Claude Code
npx -y skills add aws/agent-toolkit-for-aws --skill aws-iam --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
