Timebound AWS IAM Permissions for Claude Code

by arrsingh·Feb 17, 2026·2 points·0 comments

AI Analysis

●● Solid · Niche Gem · Solve My Problem
The Take

It turns a messy manual flow — handing credentials to an agent and hoping you remember to revoke them — into a neat MCP broker that issues scoped AWS STS creds on demand, with a setup wizard and claude mcp integration. No backend to manage and creds auto-expire, which is a pragmatic, low-friction approach; I'd like to see first-class multi-account orchestration, audit logs, and a library of policy templates next.

Target Audience

Developers using AI coding agents, DevOps/cloud engineers, SREs who manage AWS access

Post Description

Hello HN,

I've been using Claude Code for managing my AWS infra and I have multiple accounts (probably should have just one but here we are), and every time I needed to work with my CloudFront or S3 or Dynamo or anything else I was constantly updating AWS IAM policies and had to remember to remove the policy permissions after I was done so my account didn't just have access to everything for my user.

So I built a simple MCP server that talks to AWS STS and allows Claude Code to request temporary credentials with a standard AWS IAM policy scoped to the specific service and permissions for a limited amount of time.

Now Claude asks me to approve the permissions and the MCP takes over and vends the credentials. The nice thing is that there is no backend to maintain or durations to manage since AWS STS handles all those including expiration of the credentials.

Check it out and give me your feedback; feature requests are welcome.

Free & Open Source: https://github.com/builder-magic/timebound-iam
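
The flow the post describes, as an added example that is not code from timebound-iam: it builds an STS request carrying a scoped inline session policy and a short lifetime, and rejects over-broad requests before anything reaches AWS. It assumes the broker uses `AssumeRole` (the post does not say which STS call is used); the role ARN, bucket, session name and function names are constructed for illustration.

```python
import json

MIN_SECONDS = 900        # lowest DurationSeconds that STS AssumeRole accepts
MAX_POLICY_CHARS = 2048  # STS limit on the inline session policy text

def build_session_policy(actions, resources):
    """Policy document that allows only the named actions on the named ARNs."""
    for action in actions:
        service, _, name = action.partition(":")
        if not service or not name or "*" in (service, name):
            raise ValueError(f"refusing broad action {action!r}")
    if not actions or not resources or "*" in resources:
        raise ValueError("actions and resource ARNs must be explicit")
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(actions),
                           "Resource": sorted(resources)}]}

def assume_role_request(role_arn, actions, resources, minutes, max_minutes=60):
    """Keyword arguments for sts.assume_role; max_minutes mirrors the role's
    maximum session duration (one hour unless the role is configured higher)."""
    seconds = minutes * 60
    if not MIN_SECONDS <= seconds <= max_minutes * 60:
        raise ValueError(f"duration must be 15..{max_minutes} minutes")
    policy = json.dumps(build_session_policy(actions, resources),
                        separators=(",", ":"))
    if len(policy) > MAX_POLICY_CHARS:
        raise ValueError("session policy exceeds the STS size limit")
    # Effective permissions = role's identity policy INTERSECTED with Policy,
    # so the session can never hold more than the role itself allows.
    return {"RoleArn": role_arn, "RoleSessionName": "agent-scoped-session",
            "Policy": policy, "DurationSeconds": seconds}

def vend_credentials(request):
    """Call STS. Needs boto3 and a caller permitted to assume the role."""
    import boto3  # imported lazily so the builders above work offline
    creds = boto3.client("sts").assume_role(**request)["Credentials"]
    return creds  # AccessKeyId, SecretAccessKey, SessionToken, Expiration

# Constructed sample request: read-only access to one bucket for 15 minutes.
ROLE = "arn:aws:iam::123456789012:role/agent-broker"
BUCKET = ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
REQUEST = assume_role_request(ROLE, ["s3:ListBucket", "s3:GetObject"],
                              BUCKET, minutes=15)
```

STS stamps the returned credentials with an `Expiration` time and stops honoring them after it, so the broker has nothing to revoke.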

Similar Projects

Developer Tools · ●● Solid

MCP Storage Map – One MCP Server for MySQL, MongoDB, and Athena

It gives Claude/Cursor-style assistants a single set of MCP actions (query, list_collections, describe_collection) across SQL, NoSQL and analytics stores, and smartly defaults to read-only so you don't accidentally mutate production. Configuration via env vars or the Claude CLI plus an extensible McpConnector interface makes it a pragmatic, low-friction tool for LLM tooling — more adapters, auth examples (IAM for Athena) and docs would push it further.

Solve My Problem · Niche Gem
jeffchoi
103mo ago