[GH-ISSUE #92] Introduce a disable interaction flag to disable any put policy operations as a security guardrail #69

New issue

Open

opened 2026-03-07 19:41:31 +03:00 by kerem · 0 comments

kerem commented

2026-03-07 19:41:31 +03:00

Owner

Originally created by @karanjitsingh on GitHub (Dec 19, 2025).
Original GitHub issue: https://github.com/awslabs/iam-policy-autopilot/issues/92

Introduce a --read-only flag to the iam-policy-autopilot MCP server. While system prompts can discourage policy modifications, they are non-deterministic and can be bypassed. This flag will provide a deterministic security guardrail by explicitly disabling all Put and write-related operations to AWS IAM policies regardless of the model's intent.

Originally created by @karanjitsingh on GitHub (Dec 19, 2025). Original GitHub issue: https://github.com/awslabs/iam-policy-autopilot/issues/92 Introduce a --read-only flag to the iam-policy-autopilot MCP server. While system prompts can discourage policy modifications, they are non-deterministic and can be bypassed. This flag will provide a deterministic security guardrail by explicitly disabling all Put and write-related operations to AWS IAM policies regardless of the model's intent.