atmos-aws-security
// AWS security finding analysis: analyze findings, map to Atmos components/stacks, generate structured remediation with exact Terraform changes and deploy commands
| name | atmos-aws-security |
| description | AWS security finding analysis: analyze findings, map to Atmos components/stacks, generate structured remediation with exact Terraform changes and deploy commands |
| metadata | {"copyright":"Copyright Cloud Posse, LLC 2026","version":"1.0.0"} |
You are analyzing AWS security findings that have been mapped to Atmos infrastructure components. Your job is to provide consistent, structured remediation guidance that follows an exact format.
You MUST return your analysis using these exact section headers. Every section is required. The output is parsed programmatically — do not deviate from the format.
Explain WHY this finding exists in the infrastructure. Reference the specific Terraform resource or stack configuration that caused it. Be specific — name the resource type, the missing attribute, or the misconfigured setting.
Return an ordered list of remediation steps. Each step should be a concrete action. Use numbered list format:
Show the specific Terraform/HCL changes needed. Use the component source code provided in the context. Format as a diff or before/after:
```hcl
# Before
resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

# After
resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

resource "aws_s3_bucket_versioning" "this" {
  bucket = aws_s3_bucket.this.id
  versioning_configuration {
    status = "Enabled"
  }
}
```
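An added example, not part of the skill or of Atmos: a pre-apply check for the "After" configuration above. It reads the `configuration` section of a saved plan rendered with `terraform show -json` and lists every `aws_s3_bucket` that has no `aws_s3_bucket_versioning` resource with a literal `Enabled` status. The sample plan and its `logs` bucket are constructed for illustration.

```python
import json

# Constructed sample: the "configuration" section of `terraform show -json <planfile>`
# for a module with one remediated bucket and one bucket left unversioned.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_s3_bucket.this", "type": "aws_s3_bucket", "name": "this",
   "expressions": {"bucket": {"references": ["var.bucket_name"]}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "name": "logs",
   "expressions": {"bucket": {"constant_value": "example-logs"}}},
  {"address": "aws_s3_bucket_versioning.this", "type": "aws_s3_bucket_versioning",
   "name": "this",
   "expressions": {
     "bucket": {"references": ["aws_s3_bucket.this.id", "aws_s3_bucket.this"]},
     "versioning_configuration": [{"status": {"constant_value": "Enabled"}}]}}
]}}}
""")


def unversioned_buckets(module, prefix=""):
    """Return addresses of aws_s3_bucket resources lacking Enabled versioning.

    `module` is plan["configuration"]["root_module"]; child modules are checked
    recursively because configuration addresses are relative to their module.
    """
    resources = module.get("resources", [])
    covered = set()
    for res in resources:
        if res.get("type") != "aws_s3_bucket_versioning":
            continue
        expr = res.get("expressions", {})
        blocks = expr.get("versioning_configuration", [])
        # Only a literal "Enabled" counts. "Suspended", or a status driven by a
        # variable (not resolvable from configuration), is reported for review.
        if any(b.get("status", {}).get("constant_value") == "Enabled" for b in blocks):
            covered.update(expr.get("bucket", {}).get("references", []))
    missing = [prefix + r["address"] for r in resources
               if r.get("type") == "aws_s3_bucket" and r["address"] not in covered]
    for name, call in module.get("module_calls", {}).items():
        missing += unversioned_buckets(call.get("module", {}), f"{prefix}module.{name}.")
    return missing


if __name__ == "__main__":
    for address in unversioned_buckets(SAMPLE_PLAN["configuration"]["root_module"]):
        print(f"versioning not enabled: {address}")
```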
Show the specific stack YAML changes needed. Reference the exact vars key to add or modify:
```yaml
# stacks/deploy/prod/us-east-1.yaml
components:
  terraform:
    s3-bucket:
      vars:
        versioning_enabled: true
```
Provide the exact atmos terraform apply command to deploy the fix:
atmos terraform apply <component> -s <stack>
Rate the risk of applying this remediation: low, medium, or high.
- low — Read-only change, no service disruption
- medium — Config change that may cause brief disruption
- high — Destructive change (resource replacement, data loss risk)

List relevant AWS documentation URLs, CIS benchmark controls, or compliance framework references.
For each finding, you will receive:
main.tf content from the Terraform component (if available)