
awsflow-iam (Safety: 95)

Inspect AWS IAM roles, policies, users, groups, access keys, MFA devices, simulate permissions, generate credential reports, and get account summary using awsflow.

1 stars
1.2k downloads
Updated 2/26/2026

Package Files

SKILL.md

Awsflow IAM

Inspect IAM roles, policies, users, groups, simulate permissions, and audit credentials.

When to Use This Skill

Use this skill when the user:

  • Asks about IAM roles, policies, or permissions
  • Wants to inspect what a role or user can access
  • Needs to simulate permissions with SimulatePrincipalPolicy
  • Wants to audit users, access keys, MFA devices
  • Asks about credential reports or account settings
  • Needs to check attached or inline policies

Tool: IAMTool

Execute AWS IAM commands including permission simulation. ALWAYS provide params object.

Commands

ListRoles

List IAM roles.

{ "command": "ListRoles", "params": { "MaxItems": 100 } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PathPrefix | string | No | Path prefix filter |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items to return |

GetRole

Get details of an IAM role.

{ "command": "GetRole", "params": { "RoleName": "my-role" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| RoleName | string | Yes | Target IAM role name |

GetRolePolicy

Get an inline policy attached to a role.

{ "command": "GetRolePolicy", "params": { "RoleName": "my-role", "PolicyName": "my-inline-policy" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| RoleName | string | Yes | Role name |
| PolicyName | string | Yes | Inline policy name |

ListRolePolicies

List inline policy names for a role.

{ "command": "ListRolePolicies", "params": { "RoleName": "my-role" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| RoleName | string | Yes | Role name |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items |

ListAttachedRolePolicies

List managed policies attached to a role.

{ "command": "ListAttachedRolePolicies", "params": { "RoleName": "my-role" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| RoleName | string | Yes | Role name |
| PathPrefix | string | No | Path prefix filter |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items |

ListRoleTags

List tags attached to a role.

{ "command": "ListRoleTags", "params": { "RoleName": "my-role" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| RoleName | string | Yes | Role name |

ListPolicies

List IAM policies.

{ "command": "ListPolicies", "params": { "Scope": "Local", "OnlyAttached": true } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| Scope | string | No | All, AWS, or Local |
| OnlyAttached | boolean | No | Only list attached policies |
| PolicyUsageFilter | string | No | PermissionsPolicy or PermissionsBoundary |
| PathPrefix | string | No | Path prefix filter |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items |

GetPolicy

Get details of a managed policy.

{ "command": "GetPolicy", "params": { "PolicyArn": "arn:aws:iam::123456789012:policy/my-policy" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PolicyArn | string | Yes | IAM policy ARN |

GetPolicyVersion

Get a specific version of a policy document.

{ "command": "GetPolicyVersion", "params": { "PolicyArn": "arn:aws:iam::123456789012:policy/my-policy", "VersionId": "v1" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PolicyArn | string | Yes | IAM policy ARN |
| VersionId | string | Yes | Policy version ID (e.g., v1, v2) |

ListPolicyVersions

List all versions of a managed policy.

{ "command": "ListPolicyVersions", "params": { "PolicyArn": "arn:aws:iam::123456789012:policy/my-policy" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PolicyArn | string | Yes | IAM policy ARN |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items |

ListUsers

List IAM users.

{ "command": "ListUsers", "params": {} }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PathPrefix | string | No | Path prefix filter |
| Marker | string | No | Pagination marker |
| MaxItems | number | No | Maximum items |

GetUser

Get details of an IAM user.

{ "command": "GetUser", "params": { "UserName": "john" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| UserName | string | No | IAM user name (omit for current user) |

ListAccessKeys

List access keys for a user.

{ "command": "ListAccessKeys", "params": { "UserName": "john" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| UserName | string | No | IAM user name |

ListMFADevices

List MFA devices for a user.

{ "command": "ListMFADevices", "params": { "UserName": "john" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| UserName | string | No | IAM user name |

ListGroups

List IAM groups.

{ "command": "ListGroups", "params": {} }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| GroupName | string | No | Group name |

GetAccountSummary

Get IAM account summary (resource counts and limits).

{ "command": "GetAccountSummary", "params": {} }

Parameters: None required.

GetAccountPasswordPolicy

Get the account password policy.

{ "command": "GetAccountPasswordPolicy", "params": {} }

Parameters: None required.

GenerateCredentialReport

Generate a credential report (async — poll with GetCredentialReport).

{ "command": "GenerateCredentialReport", "params": {} }

Parameters: None required.

GetCredentialReport

Get the most recently generated credential report.

{ "command": "GetCredentialReport", "params": {} }

Parameters: None required.

GetServiceLastAccessedDetails

Get last accessed details for services by an IAM entity.

{ "command": "GetServiceLastAccessedDetails", "params": { "JobId": "12345678-1234-1234-1234-123456789012" } }

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| JobId | string | Yes | Job ID from GenerateServiceLastAccessedDetails |

SimulatePrincipalPolicy

Simulate IAM policy evaluation — test what a role/user can access.

{
  "command": "SimulatePrincipalPolicy",
  "params": {
    "PolicySourceArn": "arn:aws:iam::123456789012:role/MyRole",
    "ActionNames": ["s3:GetObject", "s3:PutObject"],
    "ResourceArns": ["arn:aws:s3:::my-bucket/*"]
  }
}

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| PolicySourceArn | string | Yes | ARN of IAM entity (user, group, role) to simulate |
| ActionNames | array of strings | Yes | API action names to simulate (e.g., s3:GetObject) |
| ResourceArns | array of strings | No | Resource ARNs to simulate against |
| ResourcePolicy | string | No | Resource-based policy JSON string |
| ResourceOwner | string | No | AWS account ID owning the resource |
| CallerArn | string | No | ARN of the user making the request |
| ContextEntries | array of objects | No | Context keys and values for policy evaluation |
| ResourceHandlingOption | string | No | How to handle resource-based policies |
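An added example (not part of the awsflow skill) that compares a simulation result against a least-privilege baseline and flags decisions that depend on context keys not supplied through ContextEntries. It assumes the tool returns the IAM API response shape unchanged; the response, the extra s3:DeleteObject action, and the baseline are constructed.

```python
# Constructed response (not real output) in the shape of the IAM
# SimulatePrincipalPolicy API result, reduced to the fields used below.
SAMPLE_RESPONSE = {
    "EvaluationResults": [
        {"EvalActionName": "s3:GetObject", "EvalDecision": "allowed",
         "MissingContextValues": []},
        {"EvalActionName": "s3:PutObject", "EvalDecision": "implicitDeny",
         "MissingContextValues": ["aws:SourceIp"]},
        {"EvalActionName": "s3:DeleteObject", "EvalDecision": "allowed",
         "MissingContextValues": []},
    ],
    "IsTruncated": False,
}

# Hypothetical baseline: True means the role is meant to have the action.
BASELINE = {"s3:GetObject": True, "s3:PutObject": False, "s3:DeleteObject": False}


def check_simulation(response, baseline):
    """Return (action, issue) tuples where the simulation and baseline disagree."""
    issues, seen = [], set()
    for result in response.get("EvaluationResults", []):
        action, decision = result["EvalActionName"], result["EvalDecision"]
        seen.add(action)
        allowed = decision == "allowed"  # else explicitDeny or implicitDeny
        if action not in baseline:
            issues.append((action, "not covered by baseline"))
        elif allowed and not baseline[action]:
            issues.append((action, "allowed but baseline expects deny"))
        elif not allowed and baseline[action]:
            issues.append((action, f"{decision} but baseline expects allow"))
        # A policy referenced these keys but the request did not set them, so the
        # decision may differ for real requests; re-run with ContextEntries.
        missing = result.get("MissingContextValues") or []
        if missing:
            issues.append((action, "decision depends on unset context keys: "
                           + ", ".join(missing)))
    if response.get("IsTruncated"):
        issues.append(("*", "results truncated; more pages exist"))
    for action in sorted(set(baseline) - seen):
        issues.append((action, "in baseline but not simulated"))
    return issues


if __name__ == "__main__":
    for action, issue in check_simulation(SAMPLE_RESPONSE, BASELINE):
        print(f"{action}: {issue}")
```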

Related Services

  • IAM → All Services: IAM roles and policies control access to every AWS service. Key services using IAM roles:
    • Lambda: Execution roles (check GetFunctionConfigurationRole)
    • EC2: Instance profiles
    • Glue: Job execution roles
    • Step Functions: State machine execution roles
    • ECS: Task execution roles and task roles
  • IAM → STS: Use STSTool GetCallerIdentity to verify current identity, AssumeRole to switch roles
  • IAM → CloudTrail → CloudWatch: IAM API calls logged in CloudTrail. Use CloudWatchLogTool to search CloudTrail log groups
  • IAM → CloudFormation: IAM resources managed by CloudFormation stacks

Install

Requires askill CLI v1.0+

AI Quality Score

89/100Analyzed 2/19/2026

High-quality skill for AWS IAM operations using awsflow tool. Excellent completeness covering 21 IAM commands including roles, policies, users, groups, permission simulation, and credential reports. Very actionable with clear JSON examples and parameter tables. Well-organized with When to Use This Skill section. Minor deduction for being tied to a specific project tool (awsflow), but otherwise professional and reusable within that context. No safety concerns as all operations are read-only or simulation-based.


Metadata

License: unknown
Version: -
Updated: 2/26/2026
Publisher: necatiarslan

Tags

api, testing