[GH-ISSUE #92] Introduce a disable interaction flag to disable any put policy operations as a security guardrail #70

New issue

Open

opened 2026-03-07 19:41:35 +03:00 by kerem · 0 comments

kerem commented 2026-03-07 19:41:35 +03:00

Owner

Copy link

Originally created by @karanjitsingh on GitHub (Dec 19, 2025).
Original GitHub issue: https://github.com/awslabs/iam-policy-autopilot/issues/92

Introduce a --read-only flag to the iam-policy-autopilot MCP server. While system prompts can discourage policy modifications, they are non-deterministic and can be bypassed. This flag will provide a deterministic security guardrail by explicitly disabling all Put and write-related operations to AWS IAM policies regardless of the model's intent.

Originally created by @karanjitsingh on GitHub (Dec 19, 2025). Original GitHub issue: https://github.com/awslabs/iam-policy-autopilot/issues/92 Introduce a --read-only flag to the iam-policy-autopilot MCP server. While system prompts can discourage policy modifications, they are non-deterministic and can be bypassed. This flag will provide a deterministic security guardrail by explicitly disabling all Put and write-related operations to AWS IAM policies regardless of the model's intent.

kerem added the

enhancement

label 2026-03-07 19:41:35 +03:00

kerem referenced this issue 2026-03-15 11:53:56 +03:00

[PR #75] [MERGED] test: add tests for #70 #215

kerem referenced this issue 2026-03-15 11:53:56 +03:00

[PR #70] [MERGED] Use SDK info to find operation from method name #216

kerem referenced this issue 2026-03-15 11:53:56 +03:00

[PR #72] [CLOSED] docs: add issue templates (#2) #218

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

auto/update-submodules-20260419

auto/update-submodules-20260412

auto/update-submodules-20260405

auto/update-submodules-20260329

auto/update-submodules-20260322

auto/update-submodules-20260315

auto/update-submodules-20260308

auto/update-submodules-20260301

auto/update-submodules-20260222

auto/update-submodules-20260215

auto/update-submodules-20260209

auto/update-submodules-20260208

release/0.1.4

release/0.1.3

release/0.1.2

release/0.1.1

0.1.4

0.1.3

0.1.2

0.1.1

Labels

Clear labels   

bug

  

code-quality

  

documentation

  

enhancement

  

good first issue

  

pull-request

Mirrored from GitHub Pull Request

  

tooling

  

tooling

No labels

bug

code-quality

documentation

enhancement

good first issue

pull-request

tooling

tooling

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/iam-policy-autopilot#70

No description provided.