analyze_permissions
Analyze IAM permissions and access policies across AWS, Azure, or GCP cloud providers to identify security compliance issues and manage resource access.
Instructions
Analyze IAM permissions and access policies
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| provider | Yes | Cloud provider | |
Implementation Reference
- src/tools/security.ts:156-167 (handler): Handler implementation for the 'analyze_permissions' tool. Full implementation is pending, so it returns a placeholder response: the provider, a status message, and a fixed list of recommendations.

  ```typescript
  case 'analyze_permissions': {
    return {
      provider,
      message: 'Permission analysis not yet fully implemented',
      recommendations: [
        'Review IAM policies regularly',
        'Follow principle of least privilege',
        'Enable MFA for all users',
        'Audit permissions quarterly',
      ],
    };
  }
  ```
- src/tools/security.ts:46-60 (schema): Tool schema definition including name, description, and input schema requiring a 'provider' parameter.

  ```typescript
  {
    name: 'analyze_permissions',
    description: 'Analyze IAM permissions and access policies',
    inputSchema: {
      type: 'object',
      properties: {
        provider: {
          type: 'string',
          enum: ['aws', 'azure', 'gcp'],
          description: 'Cloud provider',
        },
      },
      required: ['provider'],
    },
  },
  ```
- src/server.ts:19-27 (registration): Registration of all tools, including securityTools (which contains 'analyze_permissions'), into the main allTools array used for listing tools.

  ```typescript
  const allTools = [
    ...awsTools,
    ...azureTools,
    ...gcpTools,
    ...resourceManagementTools,
    ...costAnalysisTools,
    ...monitoringTools,
    ...securityTools,
  ];
  ```
- src/server.ts:76-77 (registration): Dispatch logic in the MCP server that routes calls to 'analyze_permissions' (via the securityTools check) to the handleSecurityTool function.

  ```typescript
  } else if (securityTools.some((t) => t.name === name)) {
    result = await handleSecurityTool(name, args || {});
  ```