PolicyPatch
PolicyPatch is a web app (with optional CLI) that continuously detects and remediates risky IAM policy drift across AWS, Azure, and GCP. It watches for privilege creep, wildcard permissions, unused roles, and policy changes that bypass review, then generates a safe, minimal patch set and opens a pull request to your IaC repo (Terraform/CloudFormation/Bicep) instead of making silent changes. The product focuses on “actionable compliance”: every finding maps to a concrete least-privilege diff, an owner, and a rollback plan. It also provides a lightweight approval workflow, audit trail, and evidence exports for SOC 2/ISO 27001. It is a combination app: traditional rules plus AI assistance that explains risk, proposes least-privilege alternatives, and summarizes impact in plain English. It’s realistic for mid-market teams that can’t afford a full-blown cloud security platform.