PolicyPatch
PolicyPatch is a web app (with optional CLI) that continuously checks your AWS, Azure, and GCP IAM and resource policies against your intended baseline, then generates safe, reviewable “patches” to bring them back into compliance. Instead of dumping noisy findings, it focuses on actionable diffs: what changed, who/what changed it, what risk it introduces, and the smallest change to remediate. It integrates with GitOps workflows by exporting policy-as-code pull requests (Terraform/CloudFormation/Bicep where possible) and can open tickets with evidence attached. The product is an AI-assisted app: AI helps summarize policy intent, explain risks in plain language, and propose minimal remediations, but every change is gated by approvals and dry-run validation. The goal is to reduce security incidents caused by accidental over-permissioning and “temporary” exceptions that never get reverted.
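As an added illustration (not PolicyPatch's own code), the baseline-drift check the description refers to, applied to an AWS IAM policy document: grants present in the live policy but absent from the intended baseline are reported with a coarse risk tag, and the minimal remediation is the live policy with only those grants removed. Both policy documents are constructed samples, and the `drift`/`patch` names are assumptions.

```python
from copy import deepcopy

# Constructed sample: the intended baseline and the policy actually found in the account.
# The live copy has picked up an "s3:*" action and a "temporary" admin statement.
BASELINE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    ],
}
ACTUAL = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket", "s3:*"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "TempAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource; normalise to a list.
    return value if isinstance(value, list) else [value]

def _grants(policy):
    """Flatten Allow statements into a set of (sid, action, resource) grants."""
    grants = set()
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            for resource in _as_list(st.get("Resource", [])):
                grants.add((st.get("Sid", ""), action, resource))
    return grants

def drift(baseline, actual):
    """Grants in the live policy that the baseline never intended, each with a risk tag."""
    findings = []
    for sid, action, resource in sorted(_grants(actual) - _grants(baseline)):
        risk = "high" if "*" in action or resource == "*" else "medium"
        findings.append({"sid": sid, "action": action, "resource": resource, "risk": risk})
    return findings

def patch(baseline, actual):
    """Smallest fix: keep the live policy but drop actions the baseline does not grant."""
    allowed = _grants(baseline)
    fixed = deepcopy(actual)
    fixed["Statement"] = []
    for st in actual["Statement"]:
        if st.get("Effect") != "Allow":          # Deny statements are never loosened here
            fixed["Statement"].append(st)
            continue
        sid, resources = st.get("Sid", ""), _as_list(st.get("Resource", []))
        keep = [a for a in _as_list(st.get("Action", []))
                if all((sid, a, r) in allowed for r in resources)]
        if keep:                                  # statements left with no actions are removed
            fixed["Statement"].append({**st, "Action": keep})
    return fixed
```

Running `drift(BASELINE, ACTUAL)` reports the `s3:*` and `*`/`*` grants as high risk, and `patch(BASELINE, ACTUAL)` returns a policy identical to the baseline, which is the diff a reviewer would approve.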