From aws-skills-for-claude-code
Audits AWS security posture with read-only calls: verifies the calling identity and account, IAM credential reports, MFA status, access key age, resource counts, tagging compliance, and security groups open to the Internet via the AWS CLI and boto3.
- "현재 AWS 계정 정보" / "Current AWS account info"
# Who am I? Shows the account, ARN and principal the CLI's credential chain resolved to.
# Run this first: every finding below is only meaningful for the account printed here.
aws sts get-caller-identity
# Account aliases (empty list if none is set)
aws iam list-account-aliases
# Current region. NOTE: `aws configure get` reads the profile's config file only;
# an AWS_REGION / AWS_DEFAULT_REGION environment variable overrides it at call time,
# so the region the later commands actually hit may differ from what is printed here.
aws configure get region
import boto3

# Print the identity behind the default credential chain — the same data as
# `aws sts get-caller-identity` (account, principal ARN, unique principal id).
sts = boto3.client('sts')
identity = sts.get_caller_identity()
for label, field in (("Account", "Account"), ("ARN", "Arn"), ("UserId", "UserId")):
    print(f"{label}: {identity[field]}")
# Request a credential report. Generation is asynchronous: this call returns at once and
# the report may not be ready yet, so re-run the next command until it stops failing with
# ReportInProgress. IAM also serves a cached report if one was generated within the last
# four hours, so "fresh" here means at most four hours old.
aws iam generate-credential-report
# Download and decode the report: a CSV with one row per IAM user plus <root_account>,
# covering password, MFA and access-key state (the same data the boto3 checks below query).
aws iam get-credential-report --query 'Content' --output text | base64 -d
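from datetime import datetime, timezone

import boto3

# Report the age and status of every IAM user access key.
# list_users() is paginated (100 users per page by default); the original single call
# only saw the first page, so users beyond it were silently omitted from the audit.
# The original also used `datetime` without importing it.
iam = boto3.client('iam')
now = datetime.now(timezone.utc)
for page in iam.get_paginator('list_users').paginate():
    for user in page['Users']:
        # A user holds at most two access keys, so one list_access_keys call suffices.
        keys = iam.list_access_keys(UserName=user['UserName'])['AccessKeyMetadata']
        for key in keys:
            # CreateDate is timezone-aware, so compare against an aware "now".
            age = (now - key['CreateDate']).days
            print(f" {user['UserName']}: {key['AccessKeyId']} ({age} days, {key['Status']})")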
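import boto3

# Flag IAM users that have no MFA device registered.
# list_users() is paginated; a bare call returns only the first page (100 users),
# so walk the paginator or users past that page never show up in the findings.
# NOTE(review): a user without a console password cannot use MFA for sign-in anyway;
# cross-check the credential report's password_enabled column before filing a finding.
iam = boto3.client('iam')
for page in iam.get_paginator('list_users').paginate():
    for user in page['Users']:
        mfa = iam.list_mfa_devices(UserName=user['UserName'])['MFADevices']
        status = 'MFA enabled' if mfa else 'NO MFA'
        print(f" {user['UserName']}: {status}")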
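import boto3

# Test what actions a principal can perform via the IAM policy simulator.
# The original call discarded the response, so nothing was reported; print the
# per-action decision. Replace the account id / user with the principal under review.
# ResourceArns=['*'] asks "allowed on any resource"; pass concrete ARNs to exercise
# resource-level conditions. Results are paginated, so use the paginator for long lists.
iam = boto3.client('iam')
for page in iam.get_paginator('simulate_principal_policy').paginate(
    PolicySourceArn='arn:aws:iam::123456789012:user/testuser',
    ActionNames=['s3:GetObject', 's3:PutObject', 'ec2:DescribeInstances'],
    ResourceArns=['*'],
):
    for result in page['EvaluationResults']:
        # EvalDecision is 'allowed', 'explicitDeny' or 'implicitDeny'.
        print(f" {result['EvalActionName']}: {result['EvalDecision']}")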
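import boto3

cc = boto3.client('cloudcontrol')
# Common resource types to inventory. Cloud Control is region-scoped: run per region.
resource_types = [
    'AWS::EC2::Instance',
    'AWS::EC2::SecurityGroup',
    'AWS::S3::Bucket',
    'AWS::RDS::DBInstance',
    'AWS::Lambda::Function',
    'AWS::IAM::Role',
]
for rt in resource_types:
    try:
        # list_resources() is paginated; the original counted only the first page,
        # which under-reports any type with more resources than one page holds.
        count = sum(
            len(page.get('ResourceDescriptions', []))
            for page in cc.get_paginator('list_resources').paginate(TypeName=rt)
        )
    except Exception as exc:  # e.g. AccessDenied or a type not listable here
        # Report the failure instead of swallowing it: an audit that prints nothing
        # on AccessDenied reads as "no such resources", a false negative.
        print(f" {rt}: ERROR ({type(exc).__name__}: {exc})")
        continue
    print(f" {rt}: {count} resources")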
# Find untagged resources in the current region. Only resource types the Resource Groups
# Tagging API knows about are returned (the CLI paginates automatically). The filter
# matches an empty tag list only: a resource with some tags but a missing required key
# (e.g. Owner) is NOT caught — use --tag-filters Key=Owner and diff against this list.
aws resourcegroupstaggingapi get-resources \
--query 'ResourceTagMappingList[?Tags==`[]`].ResourceARN'
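# Security groups with an inbound rule open to the whole Internet.
# The original query matched IPv4 0.0.0.0/0 only; an IPv6 rule for ::/0 is just as open,
# so Ipv6Ranges is checked too. Review each match's ports before filing: 0.0.0.0/0 on
# 443 for a public load balancer may be intended, on 22/3389/3306 it is a finding.
aws ec2 describe-security-groups \
  --query "SecurityGroups[?IpPermissions[?IpRanges[?CidrIp=='0.0.0.0/0'] || Ipv6Ranges[?CidrIpv6=='::/0']]].{ID:GroupId,Name:GroupName}"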
# Subnets that auto-assign a public IPv4 address on launch. This is a heuristic, not
# the definition of "public": a subnet is public when its route table sends 0.0.0.0/0
# to an internet gateway — cross-check with `aws ec2 describe-route-tables`. Instances
# in a MapPublicIpOnLaunch=false subnet can still be reachable via an Elastic IP.
aws ec2 describe-subnets \
--query 'Subnets[?MapPublicIpOnLaunch==`true`].{ID:SubnetId,VPC:VpcId,CIDR:CidrBlock}'
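# Run all checks: root MFA, users without MFA, stale access keys, roles never used.
from datetime import datetime, timezone

import boto3

# Default maximum access-key age before it is reported as stale.
KEY_MAX_AGE_DAYS = 90


def security_audit(key_max_age_days: int = KEY_MAX_AGE_DAYS) -> None:
    """Print IAM hygiene findings for the account behind the default credentials.

    Checks, in order: root account MFA, IAM users with no MFA device, access keys
    older than ``key_max_age_days`` days, and roles IAM has never seen assumed.
    Findings are printed; nothing is returned.

    Every list call is walked through its paginator: list_users / list_roles return
    at most 100 entries per page, so a bare call silently truncates large accounts.
    Requires iam:GetAccountSummary, iam:ListUsers, iam:ListMFADevices,
    iam:ListAccessKeys, iam:ListRoles and iam:GetRole.
    """
    iam = boto3.client('iam')

    # 1. Root account MFA
    summary = iam.get_account_summary()['SummaryMap']
    print(f"Root MFA: {'YES' if summary.get('AccountMFAEnabled') else 'NO'}")

    # Fetch the user list once; checks 2 and 3 both iterate it.
    users = [u for page in iam.get_paginator('list_users').paginate() for u in page['Users']]

    # 2. Users without MFA
    for u in users:
        mfa = iam.list_mfa_devices(UserName=u['UserName'])['MFADevices']
        if not mfa:
            print(f" No MFA: {u['UserName']}")

    # 3. Old access keys. CreateDate is timezone-aware, so compare against an aware now.
    now = datetime.now(timezone.utc)
    for u in users:
        for k in iam.list_access_keys(UserName=u['UserName'])['AccessKeyMetadata']:
            age = (now - k['CreateDate']).days
            if age > key_max_age_days:
                print(f" Old key ({age}d): {u['UserName']} - {k['AccessKeyId']}")

    # 4. Roles never used. ListRoles is documented to omit RoleLastUsed from its
    # output, so reading it off list_roles() flagged every role as never used;
    # get_role() does return it (one extra call per role). LastUsedDate is only
    # tracked for the last 400 days and is absent for roles never assumed in that window.
    for page in iam.get_paginator('list_roles').paginate():
        for r in page['Roles']:
            role = iam.get_role(RoleName=r['RoleName'])['Role']
            last_used = role.get('RoleLastUsed', {}).get('LastUsedDate')
            if not last_used:
                print(f" Never used role: {r['RoleName']}")


if __name__ == "__main__":
    security_audit()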