AWS CLI governance rules for AI agents — prevents public S3 buckets, wildcard IAM policies, and accidental resource deletion.
5 rules · 1 file
ssg hub pull rules-aws

| Rule | Decision | Severity | Description |
|---|---|---|---|
| no-s3-public-acl | DENY | error | Blocks public-read/public-read-write S3 ACLs |
| no-iam-star-permissions | DENY | error | Blocks IAM Action: "*" wildcard |
| no-resource-star-with-write | ASK | warning | Warns on Resource: "*" in IAM policies |
| ask-aws-delete | ASK | warning | Confirms before s3 rm, ec2 terminate, rds delete |
| log-aws-profile | LOG | info | Logs all AWS CLI commands with profile reminder |

Part of the SigmaShake Hub — governance rules for AI coding agents.