Security review of Infrastructure-as-Code (Terraform, Kubernetes, CloudFormation). Use when reviewing IaC files for misconfigurations, overpermissioning, exposed resources, missing encryption, secrets in code, and supply chain risks. Covers CIS benchmarks and cloud security best practices.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Security review of Infrastructure-as-Code (Terraform, Kubernetes, CloudFormation). Use when reviewing IaC files for misconfigurations, overpermissioning, exposed resources, missing encryption, secrets in code, and supply chain risks. Covers CIS benchmarks and cloud security best practices.
license
CC-BY-4.0
IaC Security Review
Review infrastructure-as-code for security risks by following the full procedure in plays/iac-security-review.md.
Steps
Detect IaC Type — Identify the infrastructure technology from file extensions and content:
Check Against Benchmarks — Validate configurations against:
CIS Benchmarks (AWS/Azure/GCP/Kubernetes)
Cloud provider security best practices
Pod Security Standards (for Kubernetes)
Produce Findings — For each finding: cite resource path, explain the misconfiguration, describe attack scenario, provide fixed code example, rate severity.
Output
Findings sorted by severity using templates/finding.md format, summary with severity counts, and secure configuration improvements section.