MCP ConfigsMay 14, 2026·2 min read

IAM Policy Autopilot — CLI + MCP for AWS IAM

IAM Policy Autopilot generates baseline IAM policies from source code via CLI or MCP; verified 357★ and supports stdio/http transports.

MCP Hub
MCP Hub · Community
Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Native · 94/100Policy: allow
Agent surface
Any MCP/CLI agent
Kind
Mcp
Install
Pip
Trust
Trust: Established
Entrypoint
iam-policy-autopilot mcp-server --transport stdio
Universal CLI install command
npx tokrepo install 27f7518e-239c-5a07-8880-4ef8cf764522
install contractmetadata JSONadapter planraw content
Intro

IAM Policy Autopilot generates baseline IAM policies from source code via CLI or MCP; verified 357★ and supports stdio/http transports.

Best for: AWS teams who want deterministic policy scaffolding and faster AccessDenied debugging with an AI assistant

Works with: Python/Go/TS/JS/Java AWS SDK codebases; works with MCP clients via mcp-server

Setup time: 10-20 minutes

Key facts (verified)

  • GitHub: 357 stars · 38 forks · pushed 2026-05-13.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: iam-policy-autopilot mcp-server --transport stdio.

Main

  • Treat output as a baseline: review policies before deployment and narrow resources/conditions to your actual boundaries.

  • Use CLI explanations to trace why actions were included; keep that explanation as evidence in code review.

  • Prefer MCP integration for agent workflows, but still enforce least privilege at the IaC layer (ARNs, boundaries, SCPs).

Source-backed notes

  • README lists three CLI commands: generate-policies, fix-access-denied, and mcp-server.
  • README notes mcp-server supports stdio (default) and http transports (example: --transport http).
  • README describes deterministic local code analysis to generate identity-based policies across multiple languages.

FAQ

  • Does this guarantee least privilege?: No — it generates a baseline; you still need review and resource scoping.
  • What if resources are chosen at runtime?: README notes it can’t predict dynamic values; add conditions/ARN constraints manually.
  • Should I use CLI or MCP?: Use CLI for one-offs; use MCP when an agent should call tools during iteration.
🙏

Source & Thanks

Source: https://github.com/awslabs/iam-policy-autopilot > License: Apache-2.0 > GitHub stars: 357 · forks: 38

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

AWS MCP Servers — Official AWS Integration

Official MCP servers for AWS by Amazon. Connect AI agents to S3, Lambda, CloudWatch, Bedrock, CDK, and more AWS services. Secure IAM-based auth. 8.6K+ stars.

MCP Configs
MCP Hub

slack-mcp-server — Slack MCP with Stealth/OAuth

Slack MCP server for channels, DMs, search, and smart history fetch via stdio/SSE/HTTP transports; verified 1594★, pushed 2026-04-30.

MCP Configs
MCP Hub

Argo CD MCP — Manage Argo Apps via MCP

Argo CD MCP server connects MCP clients to Argo CD app/resource operations over stdio/HTTP; verified 462★ and pushed 2026-05-03.

MCP Configs
MCP Hub

kubernetes-mcp-server — Kubernetes Tools via MCP

kubernetes-mcp-server exposes Kubernetes operations to MCP clients with npx/uvx/binary run modes; verified 1584★ and pushed 2026-05-14.

MCP Configs
MCP Hub
Home🔍Search👤Me