IAM Policy Autopilot provides an MCP server and CLI tool that analyzes application code to automatically generate baseline AWS IAM identity-based policies for application roles. It inspects AWS SDK calls in Python, Go, TypeScript, JavaScript, and Java applications to determine required permissions, enabling developers to create valid IAM policies faster and reduce access troubleshooting time during development. It replaces manual IAM policy creation with deterministic code analysis, producing initial policies that developers can refine as their applications evolve.
claude mcp add --transport stdio awslabs-iam-policy-autopilot uvx iam-policy-autopilot