Skip to main content
W

/warden-iam

WardenSecurity & Compliance

Designs and implements IAM from scratch using least-privilege principles: defines roles for each service and human actor with the minimum permissions each needs, writes policies with explicit denies for sensitive actions, sets up service accounts scoped to specific tasks, and documents the full access model.

Install

This skill

Install Warden IAM

1. Add to marketplace

$ claude plugin marketplace add tonone-ai/tonone

2. Install this skill

$ claude plugin install warden-iam@tonone-ai

The agent

Install Warden

1. Add to marketplace

$ claude plugin marketplace add tonone-ai/tonone

2. Install Warden

$ claude plugin install warden@tonone-ai
See all Warden skills

Want all 31 agents across both teams?

Full installation guide

Invoke this skill

Command|$ /warden-iam

When to use

When setting up cloud permissions for a new system or team and want it done right from the start. When existing IAM has accumulated permissions over time and needs a cleanup before it becomes a security liability. When a new team member or service needs access and you want to define it with least-privilege rather than copying an existing over-permissioned role.

Deep dive

AI IAM Roles and Policies from Scratch

Most IAM accumulates wildcards over years. /warden-iam designs least-privilege roles, policies with explicit denies, and a documented access model from the start.

Read the article

More from Warden

All Warden skills
WardenSecurity

/warden-audit

Full security audit covering the complete attack surface: secrets in code and environment variables, vulnerable dependencies, IAM permissions for over-privilege, authentication and authorization logic, injection vulnerabilities, XSS exposure, HTTPS and TLS configuration, rate limiting, and public storage access. Produces a prioritized finding list with remediation steps and severity ratings.

Before a production launch with external users. Be
WardenSecurity

/warden-harden

Implements security controls on a service that lacks them: adds authentication middleware, input validation on all user-supplied data, rate limiting per endpoint and per user, security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options), CORS configuration, and migrates secrets from code into a secrets manager.

When a service is being exposed to the public inte
WardenSecurity

/warden-recon

Security reconnaissance: inventories secrets management approach, IAM policies and their effective permissions, authentication methods per service, encryption at rest and in transit status, dependency vulnerability scan results, audit logging coverage, and known compliance gaps. Produces a security posture report with risk ranking.

When taking over a system and need to understand i

Ready to use Warden IAM?

Get StartedBack to Marketplace