3a7bf728-a355-406e-98e0-2003ca834a2e
— Retrievable via GET /ai/narratives/3a7bf728-a355-406e-98e0-2003ca834a2e
a. Define and document the types of accounts allowed and specifically prohibited for use within the system; b. Assign account managers; c. Require [Assignment: organization-defined prerequisites and criteria] for group and role membership; d. Specify: 1. Authorized users of the system; 2. Group and role membership; and 3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account; e. Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts; f. Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria]; g. Monitor the use of accounts; h. Notify account managers and [Assignment: organization-defined personnel or roles] within: 1. [FedRAMP Assignment: twenty-four (24) hours] when accounts are no longer required; 2. [FedRAMP Assignment: eight (8) hours] when users are terminated or transferred; and 3. [FedRAMP Assignment: eight (8) hours] when system usage or need-to-know changes for an individual; i. Authorize access to the system based on: 1. A valid access authorization; 2. Intended system usage; and 3. [Assignment: organization-defined attributes (as required)]; j. Review accounts for compliance with account management requirements [FedRAMP Assignment: monthly for privileged accessed, every six (6) months for non-privileged access]; k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and l. Align account management processes with personnel termination and transfer processes.
Responsible Role: Infrastructure, GRC, Account Manager, Customer Parameter AC-2(c): Account provisioning/deprovisioning process for FedRAMP accounts Parameter AC-2(d)(3): The organization attributes Parameter AC-2(e): Group Owners and ISSO Parameter AC-2(f): Access Control policies and procedures Parameter AC-2(h): Group Owners Parameter AC-2(h)(1): twenty-four (24) hours] when accounts are no longer required Parameter AC-2(h)(2): eight (8) hours Parameter AC-2(h)(3): eight (8) hours Parameter AC-2(i)(3): The organization account attributes (as required) Parameter AC-2(j): monthly for privileged accessed, every six (6) months for non-privileged access
☐ Implemented ☒ Partially Implemented ☐ Planned ☐ Alternative implementation ☐ Not Applicable
☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☒ Shared (Service Provider and Customer Responsibility) ☒ Inherited from pre-existing FedRAMP Authorization for {{INHERITED_AUTH_NAME}}, {{INHERITED_AUTH_DATE}}
AWS IAM users, roles, and groups are used to define account types and administrative roles for the system. The system inherits applicable infrastructure security capabilities from Amazon Web Services (AWS), which maintains a FedRAMP authorization ({{INHERITED_AUTH_NAME}}, {{INHERITED_AUTH_DATE}}).
The organization defines allowed and prohibited account types for the system in governance documentation and administrative standards. Continuous monitoring activities track control maturity and drive iterative improvement.
Customers define allowed and prohibited account types for any customer-managed identities or access paths integrated with the system.
Account management privileges are constrained through IAM roles and policies to support accountability and separation of duties.
The organization assigns account managers and approval authorities for account lifecycle actions within the system boundary. Governance reviews validate the assignment model and incorporate refinements through standard change management.
Customers assign their own account managers for customer-administered identities and access paths.
IAM group and role membership, along with conditional access controls, enforce prerequisites for privileged membership.
The organization defines prerequisites and criteria for group and role membership for system administrative access. Documented role intent and membership criteria are maintained through configuration management and periodic reviews.
Customers require organization-defined prerequisites and criteria for group and role membership for customer-managed identities.
IAM policies and role assumptions define authorized users, group and role membership, and access authorizations for system administration.
The organization specifies authorized users, group and role membership, and access authorizations for each system account type, including required account attributes. An authoritative account inventory is maintained and updated through controlled administrative workflows, with enhancements tracked through continuous monitoring governance.
Customers are responsible for specifying authorized users, group and role membership, and access authorizations, including organization-defined attributes, for customer-managed accounts.
Provisioning actions are limited to approved administrators via scoped IAM permissions and documented approval workflows.
The organization requires approvals by designated account managers and group owners for requests to create and modify system accounts. Approval steps and authorities are defined in procedures and maintained through governance workflows, including POA&M tracking as applicable.
Customers require approvals by organization-defined personnel or roles for requests to create accounts.
IAM lifecycle functions are used to create, modify, disable, and remove identities and associated permissions.
The organization performs account creation, enablement, modification, disablement, and removal in accordance with access control policies and procedures. Account lifecycle actions are executed through controlled administrative processes aligned to defined prerequisites and criteria.
Customers create, enable, modify, disable, and remove customer-managed accounts in accordance with organization-defined policy, procedures, prerequisites, and criteria.
AWS management-plane logging services support monitoring of account usage and account management activity. Centralization and retention configurations are governed through standard change management.
The organization monitors the use of accounts using available identity and activity records to support detection of anomalous or unauthorized use. Monitoring enhancements, including expanded audit trail coverage, are prioritized through continuous monitoring governance.
Customers monitor the use of customer-managed accounts and any external identity providers integrated with the system.
Workflow records and system event sources support time-bound notifications and traceability for account status changes.
The organization notifies account managers and designated personnel within FedRAMP-defined timeframes when accounts are no longer required, when users are terminated or transferred, and when usage or need-to-know changes. Joiner/mover/leaver workflow improvements are incorporated through governance reviews and tracked to closure as applicable.
Customers notify their account managers and designated personnel within FedRAMP-defined timeframes for customer-managed identities and access paths.
IAM policy evaluation enforces access decisions based on approved authorization, intended usage, and configured attributes.
The organization authorizes access based on validated access authorization, intended system usage, and defined account attributes. MFA is enabled for the root account and additional MFA coverage is managed as part of ongoing access control hardening activities.
Customers authorize access for customer-managed identities based on valid authorization, intended usage, and organization-defined attributes.
IAM reporting and inventory data support periodic privileged and non-privileged access reviews.
The organization reviews privileged access monthly and non-privileged access every six months for alignment with account management requirements. Review outcomes and remediation actions are managed through documented governance workflows.
Customers perform periodic access reviews for customer-managed accounts at FedRAMP-defined frequencies and track remediation actions to completion.
Credential management mechanisms support rotation of authenticators for any approved shared or group access mechanisms.
The organization establishes procedures for changing shared or group account authenticators, when such mechanisms are approved for use, upon personnel removal from the group. Where shared access is used, authenticator changes are managed as a controlled administrative activity.
Customers establish and implement processes for changing shared or group account authenticators, when used, upon personnel removal.
Identity lifecycle controls support timely disablement and removal aligned to personnel status changes.
The organization aligns account management processes with personnel termination and transfer processes to support timely access changes. Process alignment improvements are incorporated through periodic reviews and standard change management.
Customers align customer account management processes with their personnel termination and transfer processes for any customer-managed identities.
High-level planning + tools used (no chain-of-thought). This helps validate the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
aws_default_evidence_snapshot |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_iam_users |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_iam_policy_attachments |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_iam_authentication_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_cloudtrail_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_cloudwatch_log_groups |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_counts_by_resource_type |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
} |
ok |
The exact evidence data the AI model used to generate this narrative. Stored with every generated narrative for traceability (AU-3).
{
"account_id": "154776478584",
"analysis": {
"assessor_summary": [
"Establish documented account lifecycle processes (request, approval, provisioning, modification, deprovisioning).",
"Maintain an authoritative inventory of accounts (human, admin, service) mapped to roles and owners.",
"Enforce periodic account reviews and timely removal/disablement for separated or inactive users.",
"Apply least privilege, role-based assignment, and separation of duties for privileged accounts.",
"Log and audit account management actions and retain evidence of reviews and remediations."
],
"evidence_needs": [
"Account management policy and procedures (lifecycle, approvals, privileged/service accounts)",
"System security plan (SSP) account management description and boundary account sources",
"Identity store configuration/export (IdP/IAM/Directory) showing account types, status, groups/roles",
"Joiner-mover-leaver workflow artifacts (tickets/requests) with approvals and timestamps",
"Provisioning and deprovisioning samples (new hire, role change, termination) with evidence of completion",
"Periodic access review records (user and privileged accounts), reviewer attestations, and remediation tracking",
"Privileged account inventory and management evidence (admin accounts, break-glass, PAM where used)",
"Service account inventory with owners, purpose, credential management/rotation, and usage constraints",
"Account disablement/inactivity controls and reports (inactive accounts, lockout/disable settings)",
"Audit logs for account events (create/modify/disable/delete, group/role changes) and log retention settings",
"Training/administrator guidance for account administration (runbooks) and change control for IAM configurations"
],
"preferred_tables": [
"identities",
"assets",
"data_stores"
]
},
"control_id": "AC-2",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"narrative_generation": {
"implementation_status": "Partially Implemented",
"saved_via": "human_acceptance"
},
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudwatch_log_groups"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
}
],
"tool_outputs": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [
{
"attachments": [
{
"attach_time": "2022-09-10 19:16:37+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0322a28bf1a8a68c5",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-0402ca2f2f3be9e94"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sdb",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-017cf162462cc1786"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 20,
"volume_id": "vol-05e6fd7a0bd29300e"
}
],
"total_volumes": 3,
"unencrypted_volumes_count": 3
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [
{
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"states": {
"stopped": 2
},
"total_instances": 2
},
"iam_authentication_posture": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-03-05T15:34:43Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
},
"iam_policy_attachments": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
},
"network_boundary": {
"counts_by_resource_type": {
"internet_gateway": 1,
"network_acl": 1,
"route_table": 1,
"security_group": 3,
"subnet": 6,
"vpc": 1
},
"sample": {
"internet_gateway": [
{
"id": "igw-0c2d9b6f737cc026e",
"region": "us-east-1",
"summary": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"nat_gateway": [],
"network_acl": [
{
"id": "acl-06660319533dddb32",
"region": "us-east-1",
"summary": {
"associations": [
{
"network_acl_association_id": "aclassoc-0c29b39b3fcdfb473",
"subnet_id": "subnet-006336d9696975386"
},
{
"network_acl_association_id": "aclassoc-0618ec8477cd3a5d2",
"subnet_id": "subnet-0b8c568bc3659b486"
},
{
"network_acl_association_id": "aclassoc-02f93f4972febca91",
"subnet_id": "subnet-0c567848e2f3285b9"
},
{
"network_acl_association_id": "aclassoc-0dcb08e13e94dc611",
"subnet_id": "subnet-05c9a438bb7c68867"
},
{
"network_acl_association_id": "aclassoc-0b2e9a777557a332d",
"subnet_id": "subnet-0b3e792cb9abb6b15"
},
{
"network_acl_association_id": "aclassoc-01cbb62a80cdc5353",
"subnet_id": "subnet-06c23e873cdba6e94"
}
],
"entries": [
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
}
],
"is_default": true,
"network_acl_id": "acl-06660319533dddb32",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"route_table": [
{
"id": "rtb-0e286a42d0f5851da",
"region": "us-east-1",
"summary": {
"associations": [
{
"association_id": "rtbassoc-04fbdfbd5f3d513a8",
"gateway_id": null,
"main": true,
"subnet_id": null
}
],
"route_table_id": "rtb-0e286a42d0f5851da",
"routes": [
{
"destination_cidr_block": "172.31.0.0/16",
"destination_ipv6_cidr_block": null,
"gateway_id": "local",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRouteTable",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
},
{
"destination_cidr_block": "0.0.0.0/0",
"destination_ipv6_cidr_block": null,
"gateway_id": "igw-0c2d9b6f737cc026e",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRoute",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
}
],
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [
{
"group_id": "sg-090ff45d5d6ad1cd4",
"group_name": "launch-wizard-1",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 22,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 22
}
],
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"group_id": "sg-00b9a1b8acdc7534e",
"group_name": "launch-wizard-2",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 3389,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 3389
}
],
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"security_groups_with_world_open_ingress_count": 2,
"total_security_groups": 3,
"world_open_ingress_rule_count": 2
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users",
"result": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments",
"result": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture",
"result": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-03-05T15:34:43Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture",
"result": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudwatch_log_groups",
"result": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type",
"result": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4GJGPP5SM",
"create_date": "2026-02-08 19:33:09+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"create_date": "2026-02-08T19:30:25Z",
"groups": [],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": null,
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4CYQMP6UHX",
"user_name": "AbdulHadi"
},
"id": "75fa7608-06f4-4dc6-9bb5-abe0d60bdb08",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/AbdulHadi",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2025-12-10T19:58:27Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4FFOJTKWPM",
"user_name": "farhan"
},
"id": "669a555a-fe1e-4be8-8151-8dcc25422707",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/farhan",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4N52MO3HS",
"create_date": "2026-02-08 19:38:08+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:33:09Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4O7C7EIDXC",
"user_name": "hamza"
},
"id": "cc9947b6-1165-4df6-b590-b2560410bb4e",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/hamza",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:45:47Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4P6MJ4IIOH",
"user_name": "salman"
},
"id": "10d5cfbd-65f0-4705-951d-84222a276be1",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/salman",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"create_date": "2025-12-10T19:52:34Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4A2TYI27PZ",
"user_name": "shevyn"
},
"id": "b7ae138f-55fe-4ec5-8c0b-c3f22f80f1b5",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/shevyn",
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/Audit",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Condition": {},
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::154776478584:root"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"create_date": "2026-02-08T19:54:17Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/",
"role_id": "AROASICLFUN4FUDVXOMSL",
"role_name": "Audit",
"tags": {}
},
"id": "c723d06e-4946-4572-938a-8f8726b4a2f2",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/Audit",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "resource-explorer-2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"create_date": "2025-12-10T19:51:04Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/resource-explorer-2.amazonaws.com/",
"role_id": "AROASICLFUN4PYLZZXHFN",
"role_name": "AWSServiceRoleForResourceExplorer",
"tags": {}
},
"id": "1e7de94a-72a7-4400-a63c-9c8068f0d93c",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "support.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/support.amazonaws.com/",
"role_id": "AROASICLFUN4F7UFKDGUO",
"role_name": "AWSServiceRoleForSupport",
"tags": {}
},
"id": "7c22a4db-3995-4ff7-92d1-0847110e1761",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "trustedadvisor.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/trustedadvisor.amazonaws.com/",
"role_id": "AROASICLFUN4G7GX24OOQ",
"role_name": "AWSServiceRoleForTrustedAdvisor",
"tags": {}
},
"id": "6952bf28-57b8-45d5-9a53-9a2767a42218",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"resource_type": "iam_role"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records",
"result": []
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudwatch_log_groups"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
}
]
}
}