AI Skill Hub 强烈推荐:IAM策略自动驾驶仪 是一款优质的AI工具。AI 综合评分 8.2 分,在同类工具中表现稳健。如果你正在寻找可靠的AI工具解决方案,这是一个值得深入了解的选择。
AWS IAM策略静态代码分析工具,通过自动化检测和优化IAM权限配置,帮助开发者和安全团队快速识别权限问题、降低安全风险。适合AWS用户、DevOps工程师和安全审计人员。
IAM策略自动驾驶仪 是一款基于 Rust 开发的开源工具,专注于 AWS、IAM、安全审计 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
AWS IAM策略静态代码分析工具,通过自动化检测和优化IAM权限配置,帮助开发者和安全团队快速识别权限问题、降低安全风险。适合AWS用户、DevOps工程师和安全审计人员。
IAM策略自动驾驶仪 是一款基于 Rust 开发的开源工具,专注于 AWS、IAM、安全审计 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
# 方式一:cargo install(推荐) cargo install iam-policy-autopilot # 方式二:从源码编译 git clone https://github.com/awslabs/iam-policy-autopilot cd iam-policy-autopilot cargo build --release # 二进制在 ./target/release/iam-policy-autopilot
# 查看帮助 iam-policy-autopilot --help # 基本运行 iam-policy-autopilot [options] <input> # 详细使用说明请查阅文档 # https://github.com/awslabs/iam-policy-autopilot
# iam-policy-autopilot 配置说明 # 查看配置选项 iam-policy-autopilot --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export IAM_POLICY_AUTOPILOT_CONFIG="/path/to/config.yml"
IAM Policy Autopilot makes HTTPS requests at runtime to the AWS service reference endpoint to fetch up-to-date AWS service metadata used for policy generation. This endpoint must be reachable from the machine running the tool.
Install uv from Astral.
No additional installation needed - you can run IAM Policy Autopilot directly using uvx iam-policy-autopilot.
Install pip.
pip install iam-policy-autopilot
To install the latest release directly, run the following script to download and install as a system utility.
curl -sSL https://github.com/awslabs/iam-policy-autopilot/raw/refs/heads/main/install.sh | sudo sh
This will install the latest release directly to /usr/local/bin/iam-policy-autopilot.
Clone the repository with submodules:
git clone --recurse-submodules https://github.com/awslabs/iam-policy-autopilot.git
cd iam-policy-autopilot
Build the project:
cargo build --release
The compiled binary will be located at target/release/iam-policy-autopilot.
cargo build --release
The compiled binary will be located at target/release/iam-policy-autopilot.
The iam-policy-autopilot CLI tool provides three main commands:
Generate IAM policies from source code and fix AccessDenied errors
Usage: iam-policy-autopilot <COMMAND>
Commands:
fix-access-denied Fix AccessDenied errors by analyzing and optionally applying IAM policy changes
generate-policies Generates complete IAM policy documents from source files
mcp-server Start MCP server
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help (see more with '--help')
-V, --version Print version
IAM Policy Autopilot requires AWS credentials to apply policy fixes and upload policies for AccessDenied debugging.
Install AWS CLI and configure your AWS credentials.
For more information on AWS credential configuration, see the AWS CLI Configuration Guide.
Configure the MCP server in your MCP client configuration to enable your AI coding assistant to generate IAM policies.
Get Kiro from https://kiro.dev/
If using uv/uvx:
Add the following configuration to your project-level .kiro/settings/mcp.json:
{
"mcpServers": {
"iam-policy-autopilot": {
"command": "uvx",
"args": ["iam-policy-autopilot", "mcp-server"],
"env": {
"AWS_PROFILE": "your-profile-name",
"AWS_REGION": "us-east-1"
},
"disabled": false,
"autoApprove": []
}
}
}
If using pip:
{
"mcpServers": {
"iam-policy-autopilot": {
"command": "iam-policy-autopilot",
"args": ["mcp-server"],
"env": {
"AWS_PROFILE": "your-profile-name",
"AWS_REGION": "us-east-1"
},
"disabled": false,
"autoApprove": []
}
}
}
Get Kiro CLI from https://kiro.dev/cli
Kiro Cli uses the same configuration as Kiro mentioned above, additionally, MCPs for Kiro CLI can also be setup via:
If using uv/uvx:
kiro-cli mcp add \
--name iam-policy-autopilot \
--command "uvx" \
--args "iam-policy-autopilot","mcp-server"
If using pip:
kiro-cli mcp add \
--name iam-policy-autopilot \
--command "iam-policy-autopilot" \
--args "mcp-server"
Add to your Claude Desktop configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json
If using uv/uvx:
{
"mcpServers": {
"iam-policy-autopilot": {
"command": "uvx",
"args": ["iam-policy-autopilot", "mcp-server"],
"env": {
"AWS_PROFILE": "your-profile-name",
"AWS_REGION": "us-east-1"
}
}
}
}
If using pip:
{
"mcpServers": {
"iam-policy-autopilot": {
"command": "iam-policy-autopilot",
"args": ["mcp-server"],
"env": {
"AWS_PROFILE": "your-profile-name",
"AWS_REGION": "us-east-1"
}
}
}
}
IAM Policy Autopilot has an associated Kiro power configuration inside the power-iam-policy-autopilot directory. This can be used to install a corresponding Kiro power in your Kiro editor.
To enable the IAM Policy Autopilot Kiro Power, first install the uv package manager by following these instructions. Then, do the following steps within Kiro: 1. Go to the "Powers" menu in the menubar on the left-hand-side. 2. Click Add Custom Power -> Import power from Github 3. In the text prompt that then appears, enter https://github.com/awslabs/iam-policy-autopilot/tree/main/power-iam-policy-autopilot. 4. Kiro should automatically install a new Kiro power called IAM Policy Autopilot within your Kiro code editor. This power should be visible in the Powers menu.
If the above steps for installing the power from a GitHub repository URL does not work, you can also clone the repository and import the power directly, by doing the following: 1. Clone the git repository https://github.com/awslabs/iam-policy-autopilot, and remember the directory to where you cloned the repo. 2. Go to the "Powers" menu in the menubar on the left-hand-side. 3. Click Add Custom Power -> Import power from a folder 4. In the text prompt that then appears, select the power-iam-policy-autopilot folder in your cloned repository. For instance, if the repository is cloned to ~/workplace/iam-policy-autopilot, you should select or enter ~/workplace/iam-policy-autopilot/power-iam-policy-autopilot. 5. Kiro should automatically install a new Kiro power called IAM Policy Autopilot within your Kiro code editor. This power should be visible in the Powers menu.
Kiro powers generally offer a more refined experience than traditional MCP servers because they enable MCP tools to be loaded more selectively & deliberately, reducing LLM token usage and avoiding LLM context overcrowding.
IAM Policy Autopilot's Kiro power specifically enhances the traditional MCP experience, for multiple reasons: 1. This Kiro Power provides your LLM agent with more steering guidance, offering it more information on the specific use cases and best practices of our MCP tooling. 2. This Kiro power prompts your LLM agent to give a tutorial of the MCP tools offered by IAM Policy Autopilot, allowing you to better understand how our MCP tooling assists your use case. 3. This Kiro Power provides your LLM agent with step-by-step onboarding validation, allowing it to detect any problems with installations and provide remediation steps for those problems.
| Language | SDK |
|---|---|
| Go | [AWS SDK for Go v2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/welcome.html) |
| Java | [AWS SDK for Java v2](https://docs.aws.amazon.com/sdk-for-java/v2/) |
| JavaScript | [AWS SDK for JavaScript v3](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/) |
| TypeScript | [AWS SDK for JavaScript v3](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/) |
| Python | [Boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html), [Botocore](https://botocore.amazonaws.com/v1/documentation/api/latest/index.html) |
cargo test -p iam-policy-autopilot-cli --test integration_tests ```
iam-policy-autopilot 是一款旨在简化 AWS IAM 策略管理的自动化工具。它能够通过分析源代码来生成精确的 IAM 策略文档,并能智能识别和修复运行过程中的 AccessDenied 错误,帮助开发者在遵循最小权限原则的同时,显著降低手动配置策略的复杂度和出错率。
在使用本项目之前,请确保您的开发环境已安装以下工具:Rust(最新稳定版)、Git 以及 Python 3。如果您在 Windows 系统上进行开发,还需要安装 CMake。这些工具是构建和运行工具链的基础环境。
本项目提供了多种灵活的安装方式:推荐使用 uv 工具,通过 `uvx iam-policy-autopilot` 命令即可直接运行,无需额外安装;也可以使用传统的 pip 进行安装(`pip install iam-policy-autopilot`);此外,开发者也可以选择通过源码进行直接安装以满足特定需求。
iam-policy-autopilot 提供功能强大的 CLI 命令行界面,包含三个核心命令:`fix-access-denied` 用于分析并修复 AccessDenied 错误(支持自动应用变更);`generate-policies` 用于从源代码文件中自动生成完整的 IAM 策略文档;`mcp-server` 则用于启动 MCP server,为 AI 助手提供能力支持。
在使用过程中,必须配置 AWS credentials 以便工具能够执行策略修复和上传调试信息。建议安装 AWS CLI 并按照官方指南完成配置。此外,若要通过 AI 编程助手使用 MCP 功能,需在相应的 MCP client(如 Kiro)配置文件中添加对应的 mcpServers 配置项。
本项目支持多种主流编程语言的策略生成功能。目前已适配 Go (AWS SDK for Go v2)、Java (AWS SDK for Java v2) 以及 JavaScript (AWS SDK for JavaScript v3) 的 SDK,能够通过分析这些语言编写的代码来生成准确的权限策略。
本项目包含完善的集成测试流程。开发者可以通过运行 `cargo test -p iam-policy-autopilot-cli --test integration_tests` 命令来执行集成测试,确保 CLI 工具在不同场景下的逻辑正确性与稳定性。
Rust编写的高性能IAM分析工具,填补AWS权限管理空白。设计实用,文档完善,社区活跃度良好,是DevOps安全工作流的优选方案。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ Apache 2.0 — 宽松开源协议,可商用,需保留版权声明和 NOTICE 文件,含专利授权条款。
总体来看,IAM策略自动驾驶仪 是一款质量优秀的AI工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | iam-policy-autopilot |
| 原始描述 | 开源MCP工具:IAM Policy Autopilot is an open source static code analysis tool that helps you 。⭐363 · Rust |
| Topics | AWSIAM安全审计代码分析权限管理CLI工具 |
| GitHub | https://github.com/awslabs/iam-policy-autopilot |
| License | Apache-2.0 |
| 语言 | Rust |
收录时间:2026-05-19 · 更新时间:2026-05-30 · License:Apache-2.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。