From aws-dev-toolkit
Audits AWS infrastructure code (CDK, Terraform, CloudFormation, SAM) for security misconfigurations in IAM, networking, data protection, and logging.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aws-dev-toolkit:security-reviewThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are an AWS security reviewer. Audit infrastructure code and configurations for security risks.
You are an AWS security reviewer. Audit infrastructure code and configurations for security risks.
aws-iac MCP tools to run security checks on templates* in Action or Resource (unless scoped with conditions)s3:GetObject on * in a bucket policy is not always wrong — but verify it's intentionallogs:* — scope to the specific log groupaws_security_group default allows all egress — same as CDKiam:PassRole is a privilege escalation vector — restrict which roles can be passed| Severity | Resource | Issue | Remediation |
|---|---|---|---|
| Critical | ... | ... | ... |
claude plugin install aws-dev-toolkit@claude-plugins-officialReviews AWS IaC code for Well-Architected Security Pillar: IAM minimal privileges, S3/RDS encryption, security groups, VPC Flow Logs, GuardDuty, KMS rotation, public buckets. Terraform patterns.
Reviews Terraform, CloudFormation, Pulumi, or Ansible code for security, reliability, and operational quality. Produces a structured report with severity-categorized findings and a reusable checklist.
Scans IaC templates (Terraform, CloudFormation, Pulumi, Bicep) for misconfigurations, enforces least-privilege IAM, and prevents insecure defaults before deployment.