ワンクリックで
aws-scan-security
Evaluate IAM posture, public exposure, and security service status of the current AWS account.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Evaluate IAM posture, public exposure, and security service status of the current AWS account.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Conduct a decision-tree interview with the user to lock in requirements, motivation, scope, and non-goals before planning.
Stage 3 of three-stage planning pipeline. Produce a file-level implementation plan via detail-planner/detail-reviewer loop, then get user approval. Inputs are confirmed intent (<session-id>-intent.md) and outline (<session-id>-outline.md) from prior stages.
Edit source code for the current task. Delegates editing and lint/typecheck/self-repair to a subagent.
Plan and write test cases with high reasoning effort. Test iteration runs in a subagent to minimize confirmations.
Explore the codebase to understand existing patterns, constraints, and relevant files before planning.
Investigate git history, docs/history.md, and GitHub issue/PR timeline since the relevant issue opened, to surface changes that may invalidate the issue's premises.
| name | aws-scan-security |
| description | Evaluate IAM posture, public exposure, and security service status of the current AWS account. |
| model | opus |
| effort | high |
| context | fork |
ASE-1. Verify prerequisites.
ASE-2. IAM posture (pass --profile $AWS_PROFILE --region $AWS_DEFAULT_REGION):
aws iam get-account-summary --query 'SummaryMap.AccountMFAEnabled'aws iam list-virtual-mfa-devices --assignment-status Unassignedaws iam list-attached-user-policies per user, flag AdministratorAccessaws iam list-access-keys, check CreateDate
ASE-3. Public exposure:aws s3api get-bucket-acl + aws s3api get-bucket-policy-status per bucketaws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values=0.0.0.0/0aws rds describe-db-instances --query 'DBInstances[?PubliclyAccessible==\true`]'ASE-4. Security services: CloudTrail, GuardDuty, AWS Config, Security Hub (describe/list/get commands) ASE-5. Write raw findings to$AWS_STATE_DIR/security-.json(severity: critical/high/medium/low). ASE-6. Write human-readable summary to$AWS_STATE_DIR/security-.md`:Skip if $AWS_STATE_DIR/security-<YYYYMMDD>.json exists and is less than 4 hours old.