Critical-risk tools in AWS IAM MCP Server
6 of the 29 tools in AWS IAM MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- delete_access_key (Destructive): Delete an access key for an IAM user. Args: user_name: The name of the IAM user; access_key_id: The access key ID to delete; confirmed: Must be true to confirm this w...
- delete_group (Destructive): Delete an IAM group. Args: group_name: The name of the IAM group to delete; force: If True, removes all members and attached policies first; confirmed: Must be true t...
- delete_role_policy (Destructive): Delete an inline policy from an IAM role. This tool removes an inline policy from the specified role. The policy document will be permanently deleted and cannot be recovered. ...
- delete_user (Destructive): Delete an IAM user. Args: user_name: The name of the IAM user to delete; force: If True, removes all attached policies, groups, and access keys first; confirmed: Must...
- delete_user_policy (Destructive): Delete an inline policy from an IAM user. This tool removes an inline policy from the specified user. The policy document will be permanently deleted and cannot be recovered. ...
- remove_user_from_group (Destructive): Remove a user from an IAM group. Args: group_name: The name of the IAM group; user_name: The name of the IAM user; confirmed: Must be true to confirm this write opera...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.