Commit a9c111

2026-03-13 03:56:02 Claude (Dev): [mcp] Update AWS prerequisites — wikibot-admin account set up
tasks/prerequisites.md ..
@@ 4,11 4,12 @@
## AWS
- - [ ] Dev account (or sub-account) provisioned
- - [ ] IAM credentials with sufficient permissions for Pulumi (VPC, Lambda, EFS, DynamoDB, API Gateway, S3, CloudFront, Route 53, ACM, CloudWatch, WAF, Budgets)
+ - [x] IAM user `wikibot-admin` created with `AdministratorAccess` + `WikibotPermissionsBoundary`
+ - [x] Permissions boundary denies: EC2/RDS/Redshift/SageMaker/EKS/ECS/ElastiCache instances, IAM user/key creation, organizations access, non-us-east-1 regional services
+ - [x] API keys provisioned
- [ ] Credentials available as environment variables or AWS profile
- - [ ] Budget alarm threshold: $50/mo for dev
- - [ ] Region decided (suggested: us-east-1 for cheapest Lambda + API Gateway)
+ - [ ] Budget alarm: $50/mo (create via AWS Budgets console)
+ - [x] Region: us-east-1
## Pulumi
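Review bot: The `wikibot-admin` line swaps the old per-service permission list for `AdministratorAccess` constrained only by `WikibotPermissionsBoundary`, and the boundary is described as a deny list, so anything not named there stays allowed. The listed denies cover IAM user/key creation but do not mention changing or removing the boundary itself, or creating IAM roles without the boundary attached; if the boundary does not already block those, add them, since either path lets the user step outside it. "API keys provisioned" implies long-lived access keys for an admin-level user, so note a rotation expectation and where the keys are stored, especially as the "Credentials available as environment variables or AWS profile" item is still unchecked. The budget item now depends on a manual console step; because Budgets was in the original Pulumi service list, consider keeping the $50/mo alarm in code so it cannot be forgotten.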
@@ 48,4 49,4 @@
- [ ] packnplay configured (`packnplay configure` — enable git, ssh, gh, aws credentials)
- [ ] Dev wiki MCP accessible from container — configure MCP endpoint as `http://host.docker.internal:8190/mcp` (not `localhost`) since container `localhost` is the container itself
- [ ] Verify: `packnplay run --aws-creds claude` launches and can reach the wiki MCP
- - [ ] Agent launch command documented: `packnplay run --aws-creds --worktree=<phase> claude --dangerously-skip-permissions`
+ - [ ] Agent launch command documented: `packnplay run --aws-creds --worktree=<phase> claude --dangerously-skip-permissions`
\ No newline at end of file
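Review bot: The only visible difference on the "Agent launch command documented" line is the lost trailing newline, so restore the newline at end of file to keep this out of future diffs. Since this line is the documented way to start the agent, it should also say which credentials `--aws-creds` passes into the container: combined with `--dangerously-skip-permissions`, the agent can make AWS calls without a confirmation prompt, and per the AWS section those credentials belong to a user with `AdministratorAccess`. Suggest stating next to the command that the permissions boundary is the only control in this mode, or pointing the container at a narrower profile than `wikibot-admin`.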