Two problems come up every time you give an AI agent AWS access: the agent has exfiltratable credentials, and you have to guess what permissions it needs in the form of an IAM policy.
iam-agent-proxy is an HTTPS proxy for AWS CLI/SDK calls. The agent signs its requests with fake AWS keys issued by the proxy; the proxy validates that signature, then re-signs the request with the real credentials, which stay on the proxy side and never reach the agent. And because every request passes through it, the proxy can resolve each one to an IAM action string, generate a least-privilege policy from what the agent actually called, and even enforce that policy.
Getting started
Start the proxy with whatever AWS profile has the permissions your agent needs:
AWS_PROFILE=my-real-profile iam-agent-proxy
In a second terminal, point the agent at it. Note that the proxy has to terminate TLS to read and re-sign each request, so the agent's AWS client must trust the proxy's certificate (the CLI/SDKs read AWS_CA_BUNDLE for this); check the project README for how it hands that out:
export AWS_PROFILE=iam-agent-proxy
export HTTPS_PROXY=http://localhost:8080
The agent gets proxy-issued fake keys (the JSON below is the credential_process output format) — no IAM identity behind them, so a leaked copy is worthless outside the proxy:
{
"Version": 1,
"AccessKeyId": "AKIAPROXY0000000001",
"SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"Expiration": "2026-05-08T15:00:00Z"
}
Make some AWS calls:
aws sts get-caller-identity
aws s3 ls
The proxy terminal logs each resolved action:
[14:32:01] ALLOWED sts:GetCallerIdentity
[14:32:09] ALLOWED s3:ListAllMyBuckets
Run the agent through a representative workload, then extract the observed policy:
iam-agent-proxy policy
That emits standard IAM policy JSON you can attach as an inline policy or pass as a session policy. To enforce it at the proxy as well, set PROXY_MODE=enforce and point ALLOWLIST_PATH at that file: anything outside the allowlist is blocked before it is ever re-signed, and the agent receives a well-formed AccessDenied 403, the same shape of error IAM itself would return, so the agent's error handling works as designed.
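The observe-then-enforce loop described above, in miniature. This is an added example written for this post, not iam-agent-proxy's own code: the AKIAPROXY key prefix, the tiny action resolver (query protocol Action= parameter, JSON protocol X-Amz-Target header, S3 method/host/path), the per-protocol AccessDenied bodies and the constructed sample workload are all assumptions, and the step where a real proxy would re-sign and forward the request is stubbed. It shows the three checks a request goes through (fake-key validation, action resolution, allowlist enforcement), the policy extracted from an observed workload, and a request signed with a non-proxy key being refused.

```python
"""Observe/enforce loop of a SigV4 re-signing proxy, in miniature. Added example written
for this post, not iam-agent-proxy's own source. The fake-key prefix, the action-resolution
table and the sample requests are constructed assumptions; the forward/re-sign step (where
the real credentials live) is stubbed out."""
import json
import re
from urllib.parse import parse_qs

FAKE_KEY_PREFIX = "AKIAPROXY"  # assumption, matching the sample credential above
# SigV4 credential scope: <access key>/<date>/<region>/<service>/aws4_request
CREDENTIAL_RE = re.compile(r"Credential=([A-Z0-9]+)/\d{8}/([a-z0-9-]+)/([a-z0-9-]+)/aws4_request")
S3_GLOBAL_HOST = re.compile(r"s3(\.[a-z0-9-]+)?\.amazonaws\.com")  # no bucket in the host

def parse_sigv4(headers):
    """Return (access_key, region, service) from the Authorization header, or None."""
    m = CREDENTIAL_RE.search(headers.get("Authorization", ""))
    return m.groups() if m else None

def resolve_action(req):
    """Map one request to an IAM action string by protocol style (constructed, minimal resolver:
    query protocol sends Action= in the body, JSON protocol sends X-Amz-Target, S3 is REST)."""
    sig = parse_sigv4(req["headers"])
    if sig is None:
        return None
    service, headers, path = sig[2], req["headers"], req["path"]
    if service == "s3":
        if req["method"] != "GET":
            return None  # only the GET operations the walkthrough needs are modelled
        bucket_in_host = not S3_GLOBAL_HOST.fullmatch(headers.get("Host", ""))
        if path == "/" and not bucket_in_host:
            return "s3:ListAllMyBuckets"
        parts = [p for p in path.split("/") if p]
        key = parts if bucket_in_host else parts[1:]  # path-style is /bucket/key
        return "s3:GetObject" if key else "s3:ListBucket"
    target = headers.get("X-Amz-Target")  # JSON protocol: "Service_YYYYMMDD.Operation"
    if target:
        return f"{service}:{target.split('.', 1)[1]}"
    action = parse_qs(req.get("body", "")).get("Action")
    return f"{service}:{action[0]}" if action else None

def access_denied(service, message):
    """Error body in the shape the calling SDK expects, so it parses as AccessDenied."""
    if service == "s3":
        return f"<Error><Code>AccessDenied</Code><Message>{message}</Message></Error>"
    if service in ("dynamodb", "lambda"):  # JSON-protocol services
        return json.dumps({"__type": "AccessDeniedException", "message": message})
    return ("<ErrorResponse><Error><Type>Sender</Type><Code>AccessDenied</Code>"
            f"<Message>{message}</Message></Error></ErrorResponse>")

class Proxy:
    """observe: record every action and forward; enforce: also block off-allowlist calls."""

    def __init__(self, mode="observe", allowlist=()):
        self.mode, self.allowlist, self.observed = mode, set(allowlist), []

    def handle(self, req):
        sig = parse_sigv4(req["headers"])
        if sig is None or not sig[0].startswith(FAKE_KEY_PREFIX):
            # Only proxy-issued keys are honoured; the agent never holds a real key.
            return 403, access_denied("sts", "not signed with a proxy-issued key")
        action = resolve_action(req)
        if action is None:
            return 403, access_denied(sig[2], "request could not be resolved to an IAM action")
        if self.mode == "enforce" and action not in self.allowlist:
            return 403, access_denied(sig[2], f"not authorized to perform: {action}")
        self.observed.append(action)
        return 200, "forwarded"  # real proxy: re-sign with real credentials and forward

    def policy(self):
        """Observed baseline as IAM policy JSON; resources stay at '*' in this example."""
        return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
                "Action": sorted(set(self.observed)), "Resource": "*"}]}

def signed(service, host, method="GET", path="/", body="", target=None, key="AKIAPROXY0000000001"):
    """Constructed request whose SigV4 credential scope carries the given access key."""
    headers = {"Host": host, "Authorization": f"AWS4-HMAC-SHA256 Credential={key}/20260508/"
               f"us-east-1/{service}/aws4_request, SignedHeaders=host, Signature=00"}
    if target:
        headers["X-Amz-Target"] = target
    return {"method": method, "path": path, "headers": headers, "body": body}

WORKLOAD = [  # the two calls from the walkthrough above plus one JSON-protocol call
    signed("sts", "sts.amazonaws.com", "POST", body="Action=GetCallerIdentity&Version=2011-06-15"),
    signed("s3", "s3.amazonaws.com"),
    signed("dynamodb", "dynamodb.us-east-1.amazonaws.com", "POST", target="DynamoDB_20120810.ListTables"),
]

def demo():
    observe = Proxy("observe")
    for req in WORKLOAD:
        observe.handle(req)
    policy = observe.policy()
    enforce = Proxy("enforce", policy["Statement"][0]["Action"])
    allowed = enforce.handle(WORKLOAD[1])[0]  # s3:ListAllMyBuckets is on the allowlist
    blocked = enforce.handle(signed("s3", "data.s3.amazonaws.com", path="/secret.txt"))
    leaked = enforce.handle(signed("sts", "sts.amazonaws.com", "POST",
                                   body="Action=GetCallerIdentity", key="AKIAREALKEY0000001"))[0]
    return policy, allowed, blocked, leaked
```

Running demo() yields a policy allowing exactly dynamodb:ListTables, s3:ListAllMyBuckets and sts:GetCallerIdentity; in enforce mode the s3 listing passes, the object read is refused with an S3-shaped AccessDenied body naming s3:GetObject, and the request signed with a non-proxy key is refused before any action lookup. The resolver is the part that does not scale from this sketch: real services need their full models, and S3 in particular has many more method/path combinations than the three modelled here.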
The workflow inverts the usual least-privilege approach: instead of guessing what the agent needs before it runs, you observe what it actually does and lock in that baseline. The baseline is only as complete as the workload you ran, so exercise the agent's error and retry paths too; anything it missed surfaces later as an AccessDenied the agent has to handle, rather than as a silently over-broad permission.
Check it out at github.com/engseclabs/iam-agent-proxy. If you’re building in this space or hit a case it doesn’t cover, reach out on LinkedIn or Mastodon.