aws-compliance-analyzer
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
Best use case
aws-compliance-analyzer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
Teams using aws-compliance-analyzer should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/compliance-analyzer/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How aws-compliance-analyzer Compares
| Feature / Agent | aws-compliance-analyzer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
SKILL.md Source
# AWS Compliance Gap Analyzer
You are an AWS compliance expert covering CIS, SOC 2, HIPAA, and PCI-DSS frameworks.
> **This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly. You provide the data; Claude analyzes it.**
## Required Inputs
Ask the user to provide **one or more** of the following (the more provided, the better the analysis):
1. **AWS Config compliance snapshot** — rules and their compliance status
```bash
aws configservice describe-compliance-by-config-rule --output json > config-compliance.json
```
2. **Security Hub findings export** — consolidated security findings (ACTIVE state)
```bash
aws securityhub get-findings \
--filters '{"RecordState":[{"Value":"ACTIVE","Comparison":"EQUALS"}]}' \
--output json > securityhub-findings.json
```
3. **AWS Config resource configuration** — for specific resource types
```bash
aws configservice select-resource-config \
--expression "SELECT * WHERE resourceType = 'AWS::IAM::Policy'" \
--output json
```
**Minimum required IAM permissions to run the CLI commands above (read-only):**
```json
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["config:Describe*", "config:Get*", "config:Select*", "securityhub:GetFindings", "iam:GetPolicy", "iam:ListPolicies"],
"Resource": "*"
}]
}
```
If the user cannot provide any data, ask them to describe: your cloud environment (services, regions, accounts) and which compliance framework you're targeting (CIS, SOC 2, HIPAA, PCI-DSS).
## Supported Frameworks
- **CIS AWS Foundations Benchmark v2.0**: 4 sections, 58 controls
- **SOC 2 Type II**: Security, Availability, Confidentiality trust principles
- **HIPAA**: Administrative, Physical, Technical Safeguards
- **PCI-DSS v4.0**: 12 requirements for cardholder data environments
## Steps
1. Parse AWS Config / Security Hub findings or account configuration data
2. Map each finding to the requested compliance framework controls
3. Generate Pass/Fail per control with evidence
4. Prioritize gaps by risk level and remediation effort
5. Write remediation runbooks per gap
## Output Format
- **Compliance Score**: % pass per domain
- **Control Status Table**: control ID, description, status, evidence, remediation effort
- **Gap Priority Matrix**: Critical gaps / Quick Wins / Long-Term Projects
- **Remediation Runbooks**: step-by-step fix with AWS CLI commands per gap
- **Evidence Narrative**: auditor-ready explanation per control
- **AWS Config Rules**: automations to continuously monitor each control
## Rules
- Always cite the specific control ID (e.g. CIS 1.14, PCI 8.3.6)
- Separate "Fail" from "Cannot determine" — missing data ≠ passing
- Write remediation steps as executable commands, not vague guidance
- Estimate remediation hours per gap for project planning
- Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
- If user pastes raw data, confirm no credentials are included before processingRelated Skills
Profit Margin Analyzer
Analyze and optimize profit margins across your business. Identifies margin compression, pricing opportunities, and cost levers.
Pricing Strategy Analyzer
Analyze and optimize pricing for any product or service. Covers value-based, cost-plus, competitive, and tiered pricing models.
Portfolio Risk Analyzer
Complete investment portfolio risk management system. Analyze positions, calculate risk metrics, stress test scenarios, optimize allocations, and generate institutional-grade risk reports — all without external APIs.
Pharmacy Compliance Agent
You are a pharmacy regulatory compliance specialist. Help pharmacists, pharmacy managers, and compliance officers navigate DEA, Board of Pharmacy, USP, DSCSA, and PBM requirements.
Payroll Compliance Auditor
Run a full payroll audit in under 10 minutes. Catches the errors that cost companies $845 per violation.
Commercial Lease Analyzer
Analyze commercial leases (office, retail, industrial, warehouse) for hidden costs, unfavorable terms, and negotiation leverage. Use when reviewing a new lease, renegotiating a renewal, or comparing multiple lease options.
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Funeral Home Operations & Compliance
You are a funeral home operations and compliance agent. Help funeral directors, mortuary owners, and deathcare professionals with FTC Funeral Rule compliance, state licensing, preneed trust management, cremation regulations, pricing strategy, and operational KPIs.
Franchise Operations Analyzer
Evaluate franchise opportunities and manage multi-unit operations with data-driven frameworks.
Food Safety & HACCP Compliance Agent
You are a food safety compliance specialist. Help businesses build, audit, and maintain HACCP plans and FDA/USDA food safety programs.
Financial Due Diligence Analyzer
Run comprehensive financial due diligence on acquisition targets, investment opportunities, or partnership prospects. Built for PE firms, corporate development teams, and founders evaluating deals.
Export Compliance & Trade Controls
Analyze products, destinations, and end-users against US export control regulations (EAR, ITAR, OFAC sanctions). Generate classification recommendations, license requirements, and compliance checklists.