AWS CLI Rules
Manage AWS cloud resources from the terminal. EC2, S3, Lambda, IAM, and infrastructure automation with the AWS CLI.
3 rules
IAM Least-Privilege Policies
Intermediate
Every AWS IAM policy must follow the principle of least privilege — specific actions, specific resources, conditions where possible, and no wildcard permissions in production.
globs: **/*.json, **/*.tf, **/iam/**, **/policies/**, **/*policy*
iam, least-privilege, security-policy, access-control
No Root Account Access Keys
Beginner
The AWS root account must never have access keys, must have MFA enabled, and must only be used for account-level operations that require root. All other work uses IAM roles.
globs: **/*.tf, **/iam/**, **/organizations/**
root-account, mfa, access-keys, account-security
S3 Encryption and Public Access Block Required
Beginner
Every S3 bucket must have server-side encryption enabled, public access blocked, and versioning enabled for critical data to prevent data breaches and meet compliance requirements.
globs: **/*.tf, **/*.json, **/s3/**, **/storage/**
s3, encryption, public-access, data-protection