Skip to main content

Aws Context Guard

@jentz/aws-context-guardv2026.06.22.0· 15d agoMODELS
01README

Generic AWS workflow-safety primitive. Fails closed before any AWS work runs by verifying, in order:

  1. AWS_PROFILE ends with a required suffix (default -readonly).
  2. sts:GetCallerIdentity returns the expected 12-digit account ID.

On success, persists the verified caller-identity context (account, ARN, user ID, profile, region, verifiedAt) as a context resource that later workflow steps can reference. AWS_REGION is captured for reference but is not validated — region is a routing concern, not an identity property.

Designed to be the first step of any AWS audit or read-only-recon workflow, so a misconfigured shell can never reach AWS APIs.

02Models1
@jentz/aws-context-guardv2026.06.22.0aws_context_guard.ts

Global Arguments

ArgumentTypeDescription
expectedAccountIdstringThe 12-digit AWS account ID this workflow expects to be operating against.
requiredProfileSuffixstringAWS_PROFILE must end with this suffix. Set to empty string to disable
fn verify()
Verify AWS profile suffix and caller-identity account match

Resources

context(infinite)— Verified AWS caller-identity context
03Previous Versions4
2026.06.09.1Jun 10, 2026
2026.06.08.1Jun 8, 2026
2026.06.07.1Jun 7, 2026
2026.05.17.1May 17, 2026
04Stats
A
100 / 100
Downloads
34
Archive size
269.7 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
05Platforms
06Labels