From grc-engineer
Generates executable compliance policies from natural language inputs in OPA Rego, AWS Config Rules (Python), Sentinel, Terraform, or Checkov formats. Useful for IaC security and CI/CD governance.
Trigger: slash command, invoked by the user as /grc-engineer:policy-as-code-generator
Summary Claude sees in its skill listing (used to decide when to auto-load this skill): Converts natural language compliance requirements into executable policy code. Generates OPA Rego, AWS Config Rules, Sentinel policies, or Terraform modules.
Generate OPA Rego policy:
node scripts/generate-policy.js "Ensure no S3 buckets are public and all must have a 'Department' tag" rego
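The decision a policy for this requirement has to make, shown as an added example rather than the generator's Rego output: a plan-time check in Python over `terraform show -json tfplan` output that rejects public canned ACLs, weakened public access blocks and buckets without a `Department` tag. It is written in Python so it runs stand-alone; the sample plan is constructed inline and follows Terraform's documented plan JSON shape (`resource_changes[].change.after`).

```python
"""Plan-time check for: no S3 buckets are public and all must carry a
'Department' tag. Added example (not the generator's output); reads the
Terraform plan JSON representation from `terraform show -json tfplan`."""
import json
import sys

REQUIRED_TAG = "Department"
# Canned ACLs that grant access to AllUsers / AuthenticatedUsers.
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
# All four flags must be true for a public access block to be effective.
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")


def evaluate_plan(plan):
    """Return [(resource address, reason), ...]; empty list means compliant."""
    violations = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if not after:  # pure delete: nothing exists after apply
            continue
        addr, rtype = rc["address"], rc["type"]
        if rtype == "aws_s3_bucket":
            # tags_all includes provider default_tags; fall back to tags.
            tags = after.get("tags_all") or after.get("tags") or {}
            if not tags.get(REQUIRED_TAG):
                violations.append((addr, f"missing required tag '{REQUIRED_TAG}'"))
            if after.get("acl") in PUBLIC_ACLS:  # legacy inline acl argument
                violations.append((addr, f"public canned ACL '{after['acl']}'"))
        elif rtype == "aws_s3_bucket_acl":
            if after.get("acl") in PUBLIC_ACLS:
                violations.append((addr, f"public canned ACL '{after['acl']}'"))
        elif rtype == "aws_s3_bucket_public_access_block":
            off = [f for f in PAB_FLAGS if after.get(f) is not True]
            if off:
                violations.append((addr, "public access block leaves off " + ", ".join(off)))
    return violations


# Constructed sample plan: one compliant bucket, one public bucket missing
# the tag, a weakened access block, and a bucket being destroyed.
SAMPLE_PLAN = json.loads("""{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"],
                "after": {"bucket": "corp-logs", "tags": {"Department": "SecOps"}}}},
    {"address": "aws_s3_bucket.www", "type": "aws_s3_bucket",
     "change": {"actions": ["create"],
                "after": {"bucket": "corp-www", "tags": {"Owner": "web"}}}},
    {"address": "aws_s3_bucket_acl.www", "type": "aws_s3_bucket_acl",
     "change": {"actions": ["create"], "after": {"acl": "public-read"}}},
    {"address": "aws_s3_bucket_public_access_block.www",
     "type": "aws_s3_bucket_public_access_block",
     "change": {"actions": ["create"],
                "after": {"block_public_acls": true, "block_public_policy": false,
                          "ignore_public_acls": true, "restrict_public_buckets": false}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": null}}
  ]}""")

if __name__ == "__main__":
    # Usage in CI: python s3_policy.py tfplan.json  (non-zero exit gates the pipeline)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = evaluate_plan(plan)
    for addr, why in found:
        print(f"DENY {addr}: {why}")
    sys.exit(1 if found else 0)
```

Caveat for the "no public buckets" half: this flags settings that explicitly open a bucket, but it cannot prove that every bucket has a public access block, because at plan time the block's `bucket` argument is usually an unknown reference (reported under `after_unknown`, not `after`); pairing buckets with their blocks needs the plan's `configuration` section, which is where a generated Rego policy for this requirement should also look.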
Generate AWS Config Rule:
node scripts/generate-policy.js "All EC2 instances must have encryption enabled" aws-config
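What the generated Python rule for this prompt has to get right, as an added example (not the generator's output): AWS Config records encryption on `AWS::EC2::Volume` (`configuration.encrypted`), not on `AWS::EC2::Instance`, so a custom rule for "EC2 instances must have encryption enabled" is scoped to EBS volumes and marks everything else `NOT_APPLICABLE`. The evaluation shape is the one `PutEvaluations` accepts; the optional `kmsKeyId` rule parameter and the sample configuration items are assumptions of this example.

```python
"""AWS Config custom rule (Lambda) for "All EC2 instances must have encryption
enabled". Added example, not the generator's output. Config exposes the
encryption flag on AWS::EC2::Volume, so the rule evaluates volumes; the
`kmsKeyId` rule parameter is this example's own, optional addition."""
import json

DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def evaluate_compliance(config_item, rule_parameters=None):
    """Return one evaluation dict in the shape config:PutEvaluations expects."""
    params = rule_parameters or {}
    conf = config_item.get("configuration") or {}
    if config_item.get("configurationItemStatus") in DELETED:
        verdict, note = "NOT_APPLICABLE", "resource deleted or not recorded"
    elif config_item.get("resourceType") != "AWS::EC2::Volume":
        verdict, note = "NOT_APPLICABLE", "rule evaluates EBS volumes only"
    elif conf.get("encrypted") is not True:
        # Missing or null is treated as unencrypted: fail closed on absent evidence.
        verdict, note = "NON_COMPLIANT", "EBS volume is not encrypted"
    elif params.get("kmsKeyId") and conf.get("kmsKeyId") != params["kmsKeyId"]:
        verdict, note = "NON_COMPLIANT", f"encrypted with unexpected key {conf.get('kmsKeyId')}"
    else:
        verdict, note = "COMPLIANT", "EBS volume is encrypted"
    return {
        "ComplianceResourceType": config_item["resourceType"],
        "ComplianceResourceId": config_item["resourceId"],
        "ComplianceType": verdict,
        "Annotation": note[:256],  # Annotation is capped at 256 characters
        "OrderingTimestamp": config_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Entry point bound to the Config rule; reports the verdict back to Config."""
    import boto3  # present in the Lambda runtime; imported lazily so the
    # evaluation logic above can be unit-tested without it
    invoking = json.loads(event["invokingEvent"])
    if invoking.get("messageType") == "OversizedConfigurationItemChangeNotification":
        # Only a summary is delivered; the full item must be fetched with
        # get_resource_config_history. Deliberately not handled here.
        raise NotImplementedError("oversized configuration items are not handled")
    params = json.loads(event.get("ruleParameters") or "{}")
    evaluation = evaluate_compliance(invoking["configurationItem"], params)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample configuration items (not captured from a real account).
ENCRYPTED_VOLUME = {
    "resourceType": "AWS::EC2::Volume", "resourceId": "vol-0a1b2c3d4e5f60001",
    "configurationItemStatus": "ResourceDiscovered",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"encrypted": True,
                      "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-cmk"},
}
PLAINTEXT_VOLUME = dict(ENCRYPTED_VOLUME, resourceId="vol-0a1b2c3d4e5f60002",
                        configuration={"encrypted": False})
INSTANCE = {
    "resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0",
    "configurationItemStatus": "ResourceDiscovered",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"instanceType": "t3.micro"},
}
```

Register the Lambda as a change-triggered custom rule scoped to `AWS::EC2::Volume`; if the requirement really means "every instance", the rule also needs the instance's `blockDeviceMappings` cross-checked against its volumes, which a single-resource evaluation like this does not do.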
Generate Sentinel policy:
node scripts/generate-policy.js "Terraform plans must not create resources without required tags" sentinel
Generated policies include:
Install: npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-engineer

Related skills:
Audits Terraform, Kubernetes, and cloud configs against CIS, SOC 2, HIPAA using Checkov, tfsec, OPA. Generates compliance reports, remediation patches, and CI/CD gating steps.
Expert guidance for Azure Policy development: troubleshooting non-compliance, authoring Machine Configuration packages, deploying with ARM/Bicep/Terraform, mapping CIS/NIST baselines, and querying compliance with Resource Graph. Not for Azure Blueprints, RBAC, or ARM.
Maps IaC files (Terraform, Kubernetes, CloudFormation, Pulumi, Ansible) to compliance controls (SOC 2, ISO 27001, NIST 800-53) and generates markdown evidence reports with status and recommendations.