7afb3695-1c54-439a-ae8c-6f28eb1d01ee
— Retrievable via GET /ai/narratives/7afb3695-1c54-439a-ae8c-6f28eb1d01ee
a. Define and document the types of accounts allowed and specifically prohibited for use within the system;
b. Assign account managers;
c. Require [Assignment: organization-defined prerequisites and criteria] for group and role membership;
d. Specify:
1. Authorized users of the system;
2. Group and role membership; and
3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;
e. Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts;
f. Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria];
g. Monitor the use of accounts;
h. Notify account managers and [Assignment: organization-defined personnel or roles] within:
1. [FedRAMP Assignment: twenty-four (24) hours] when accounts are no longer required;
2. [FedRAMP Assignment: eight (8) hours] when users are terminated or transferred; and
3. [FedRAMP Assignment: eight (8) hours] when system usage or need-to-know changes for an individual;
i. Authorize access to the system based on:
1. A valid access authorization;
2. Intended system usage; and
3. [Assignment: organization-defined attributes (as required)];
j. Review accounts for compliance with account management requirements [FedRAMP Assignment: monthly for privileged accessed, every six (6) months for non-privileged access];
k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and
l. Align account management processes with personnel termination and transfer processes.
Responsible Role: Infrastructure, GRC, Account Manager, Customer Parameter AC-2(c): Account provisioning/deprovisioning process for FedRAMP accounts Parameter AC-2(d)(3): The organization attributes Parameter AC-2(e): Group Owners and ISSO Parameter AC-2(f): Access Control policies and procedures Parameter AC-2(h): Group Owners Parameter AC-2(h)(1): twenty-four (24) hours] when accounts are no longer required Parameter AC-2(h)(2): eight (8) hours Parameter AC-2(h)(3): eight (8) hours Parameter AC-2(i)(3): The organization account attributes (as required) Parameter AC-2(j): monthly for privileged accessed, every six (6) months for non-privileged access
☐ Implemented ☒ Partially Implemented ☐ Planned ☐ Alternative implementation ☐ Not Applicable
☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☒ Shared (Service Provider and Customer Responsibility) ☒ Inherited from pre-existing FedRAMP Authorization for AI-Agent, 02/18/2026
The organization implements account management governance through documented access control policies and procedures that define expected account categories and lifecycle handling for the system boundary. Within the AWS environment, IAM users and roles are utilized as the primary account constructs (5 IAM users and 4 IAM roles enumerated), supporting identification of account types in use.
The organization partially inherits supporting capabilities for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026), including platform-level identity constructs and management interfaces. The organization manages residual risk by tracking completion of system-specific documentation for allowed and prohibited account types through the POA&M and validating implementation through continuous monitoring reviews.
Customers are responsible for defining and documenting the types of accounts allowed and specifically prohibited for use within the system when customers manage identities, roles, or integrations within their own environments.
The organization assigns account management responsibilities to designated roles (Infrastructure and GRC/ISSO functions) for the system boundary, including administration of AWS IAM users, roles, and group membership. Administrative grouping practices are used to support managed assignment of administrative responsibilities (e.g., AdminGroup membership observed for 4 of 5 users).
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). Account manager assignments and operational responsibilities are governed through organizational procedures and are reviewed as part of continuous monitoring. Any refinements to role designation and documentation are tracked via POA&M.
Customers are responsible for assigning their own account managers for customer-managed identities and access paths.
The organization implements prerequisites and criteria for group and role membership through AWS IAM group-based administration and role assignment practices. Standardized authorization assignment is supported through use of AWS-managed policies (e.g., AdministratorAccess, SecurityAudit) and group membership (e.g., AdminGroup), providing a repeatable mechanism to associate permissions with defined roles.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by documenting system-specific membership prerequisites/criteria (e.g., job function alignment, least privilege, approval requirements) and tracking maturity activities (including reduction of broad entitlements and controlled elevation approaches) in the POA&M and continuous monitoring program.
Customers are responsible for requiring organization-defined prerequisites and criteria for group and role membership for customer-managed roles, groups, and federated access.
The organization specifies: 1. Authorized users of the system; 2. Group and role membership; and 3. Access authorizations (i.e., privileges) and the organization associated account attributes.
Within AWS, authorized identities are represented through enumerated IAM users and roles, with group membership used to associate administrative function and AWS-managed policies used to standardize permission sets. The organization manages account attributes and authorization decisions using IAM configuration artifacts (users, roles, groups, attached policies) as the system-of-record for system access.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). System-specific documentation of required account attributes (as applicable) and the mapping of authorized users to roles/privileges are maintained under configuration management and validated through periodic review. Enhancements and residual risks (including documentation completeness and least privilege refinement) are tracked through the POA&M process and reviewed as part of continuous monitoring.
Customers are responsible for specifying: 1. Authorized users of the system; 2. Group and role membership; and 3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account for customer-controlled access paths.
The organization requires approvals by account managers and group owners for requests to create FedRAMP-associated accounts through documented procedures and designated approval roles (e.g., Group Owners and ISSO as applicable). Account creation in AWS is limited to authorized administrators and follows organizational change and access request expectations.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by strengthening retention of request/approval artifacts and aligning approval workflows to system-specific account types; these activities are tracked through the POA&M and validated during continuous monitoring.
Customers are responsible for requiring approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts for customer-managed identities and access provisioning.
The organization creates, enables, modifies, disables, and removes accounts in accordance with FedRAMP-aligned access control policies and procedures and AWS IAM administrative workflows. IAM users and roles are administered using AWS-native capabilities, with permissions assigned through group membership and managed policies to support consistent authorization application.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by formalizing system-specific lifecycle procedures (provisioning, modification, disablement, removal) and ensuring alignment with HR joiner-mover-leaver processes and required timeframes; related enhancements are tracked via POA&M and reviewed through continuous monitoring. MFA posture and password policy configuration are also managed as part of account lifecycle hardening and are tracked through the POA&M where refinement is in progress.
Customers are responsible for creating, enabling, modifying, disabling, and removing accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria] for customer-managed identities and access mechanisms.
The organization monitors the use of accounts through AWS logging and monitoring capabilities and organizational continuous monitoring procedures. Account activity monitoring is strengthened through centralized audit log collection and review processes, with planned improvements (e.g., CloudTrail multi-region enablement with log file validation and integration with centralized log retention) managed as an ongoing enhancement.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by tracking audit logging coverage enhancements in the POA&M and reviewing account activity and lifecycle events as part of continuous monitoring.
Customers are responsible for monitoring the use of accounts for customer-managed identities, federated access, and any customer-side administrative actions impacting the system.
The organization notifies account managers and designated roles within FedRAMP-defined timeframes as part of personnel and access change processes, including: 1. twenty-four (24) hours when accounts are no longer required; 2. eight (8) hours when users are terminated or transferred; and 3. eight (8) hours when system usage or need-to-know changes for an individual.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by aligning system-specific account management procedures to HR joiner-mover-leaver notifications and ensuring notification workflows and evidence retention are formalized; these activities are tracked through the POA&M and validated via continuous monitoring.
Customers are responsible for notifying account managers and [Assignment: organization-defined personnel or roles] within the FedRAMP timeframes for customer-managed accounts and customer workforce changes affecting access.
The organization authorizes access to the system based on a valid access authorization, intended system usage, and applicable account attributes by enforcing authorization through AWS IAM roles, groups, and policy attachments. Use of AWS-managed policies (e.g., SecurityAudit, AdministratorAccess) supports standardized permission assignment while the organization continues to refine least-privilege entitlements through documented criteria and role-based access models.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by tracking least-privilege refinement, controlled elevation patterns, and MFA enforcement as continuous monitoring and POA&M items, and by periodically validating authorization configurations against defined access requirements.
Customers are responsible for authorizing access to the system based on: 1. A valid access authorization; 2. Intended system usage; and 3. [Assignment: organization-defined attributes (as required)] for customer-controlled access decisions and integrations.
The organization reviews accounts for compliance with account management requirements at FedRAMP-defined frequencies (monthly for privileged access; every six (6) months for non-privileged access) as part of its governance and continuous monitoring program. IAM inventories (users, roles, groups, policies) provide the technical basis for review, and remediation actions are recorded and tracked to closure.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by formalizing and retaining evidence of periodic access recertification results and by tracking any required corrective actions through the POA&M process.
Customers are responsible for reviewing accounts for compliance with account management requirements at the FedRAMP-defined frequencies for customer-managed identities and access paths.
The organization establishes and implements a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group, consistent with credential management procedures. Where shared or group accounts are used, the organization manages associated risk through documented rotation expectations and administrative controls.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by identifying any shared/group/service accounts within the system boundary and documenting and operating authenticator rotation procedures upon membership changes; any required enhancements are tracked in the POA&M and validated through continuous monitoring.
Customers are responsible for establishing and implementing a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group for customer-managed accounts and credentials.
The organization aligns account management processes with personnel termination and transfer processes through integration of access lifecycle actions with HR joiner-mover-leaver workflows, including FedRAMP-defined notification timeframes and role-based responsibilities. Account lifecycle changes (disablement/removal and privilege updates) are executed through authorized administrators using AWS IAM and tracked under organizational change and access control procedures.
The organization partially inherits this control for account management as the system is hosted on AWS East/West which is FedRAMP authorized (AI-Agent, 02/18/2026). The organization manages residual risk by strengthening documented linkage between HR events and account actions, and by tracking procedural enhancements and evidence retention through the POA&M process and continuous monitoring.
Customers are responsible for aligning account management processes with personnel termination and transfer processes for customer workforce members and customer-managed identity systems.
High-level planning + tools used (no chain-of-thought). This helps validate the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
aws_default_evidence_snapshot |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_users |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_policy_attachments |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_authentication_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_counts_by_resource_type |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
} |
ok |
aws_summarize_cloudtrail_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
The exact evidence data the AI model used to generate this narrative. Stored with every generated narrative for traceability (AU-3).
{
"account_id": "154776478584",
"analysis": {
"assessor_summary": [
"Define and document account lifecycle processes (request, approval, provisioning, modification, disablement, removal).",
"Maintain an accurate inventory of user, privileged, service, and shared accounts with assigned roles and ownership.",
"Enforce least privilege through role-based access, periodic reviews, and timely removal of unnecessary access.",
"Implement controls for account monitoring, auditing, and handling of inactive, temporary, and emergency accounts.",
"Ensure consistent account management across systems, including cloud consoles, OS, applications, and directories."
],
"evidence_needs": [
"Account management policy/standard and supporting procedures",
"Account request/approval workflow artifacts (e.g., tickets/ITSM records)",
"Account inventory exports (user, privileged, service, shared) with owners and purpose",
"Role/entitlement catalog or RBAC matrix mapping roles to permissions",
"Joiner/Mover/Leaver process documentation and recent samples",
"Provisioning/deprovisioning logs or audit trails from IAM/Directory/SSO systems",
"Privileged account management evidence (admin account list, approval, controls, monitoring)",
"Service account governance evidence (creation criteria, ownership, key/secret rotation, usage constraints)",
"Periodic access review evidence (recertification schedule, results, remediation actions)",
"Inactive/dormant account configuration and reports showing enforcement",
"Temporary/emergency account procedures and sample records (creation and removal)",
"Centralized logging/SIEM evidence showing account lifecycle events captured and reviewed",
"Segregation of duties checks or workflow controls for approvals",
"System configuration evidence for account lock/disable settings where applicable"
],
"preferred_tables": [
"identities",
"assets",
"data_stores"
]
},
"control_id": "AC-2",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture"
}
],
"tool_outputs": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [
{
"attachments": [
{
"attach_time": "2022-09-10 19:16:37+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0322a28bf1a8a68c5",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-0402ca2f2f3be9e94"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sdb",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-017cf162462cc1786"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 20,
"volume_id": "vol-05e6fd7a0bd29300e"
}
],
"total_volumes": 3,
"unencrypted_volumes_count": 3
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [
{
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"states": {
"stopped": 2
},
"total_instances": 2
},
"iam_authentication_posture": {
"credential_report": null,
"password_policy": {
"exists": false
}
},
"iam_policy_attachments": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
},
"network_boundary": {
"counts_by_resource_type": {
"internet_gateway": 1,
"network_acl": 1,
"route_table": 1,
"security_group": 3,
"subnet": 6,
"vpc": 1
},
"sample": {
"internet_gateway": [
{
"id": "igw-0c2d9b6f737cc026e",
"region": "us-east-1",
"summary": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"nat_gateway": [],
"network_acl": [
{
"id": "acl-06660319533dddb32",
"region": "us-east-1",
"summary": {
"associations": [
{
"network_acl_association_id": "aclassoc-0c29b39b3fcdfb473",
"subnet_id": "subnet-006336d9696975386"
},
{
"network_acl_association_id": "aclassoc-0618ec8477cd3a5d2",
"subnet_id": "subnet-0b8c568bc3659b486"
},
{
"network_acl_association_id": "aclassoc-02f93f4972febca91",
"subnet_id": "subnet-0c567848e2f3285b9"
},
{
"network_acl_association_id": "aclassoc-0dcb08e13e94dc611",
"subnet_id": "subnet-05c9a438bb7c68867"
},
{
"network_acl_association_id": "aclassoc-0b2e9a777557a332d",
"subnet_id": "subnet-0b3e792cb9abb6b15"
},
{
"network_acl_association_id": "aclassoc-01cbb62a80cdc5353",
"subnet_id": "subnet-06c23e873cdba6e94"
}
],
"entries": [
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
}
],
"is_default": true,
"network_acl_id": "acl-06660319533dddb32",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"route_table": [
{
"id": "rtb-0e286a42d0f5851da",
"region": "us-east-1",
"summary": {
"associations": [
{
"association_id": "rtbassoc-04fbdfbd5f3d513a8",
"gateway_id": null,
"main": true,
"subnet_id": null
}
],
"route_table_id": "rtb-0e286a42d0f5851da",
"routes": [
{
"destination_cidr_block": "172.31.0.0/16",
"destination_ipv6_cidr_block": null,
"gateway_id": "local",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRouteTable",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
},
{
"destination_cidr_block": "0.0.0.0/0",
"destination_ipv6_cidr_block": null,
"gateway_id": "igw-0c2d9b6f737cc026e",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRoute",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
}
],
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [
{
"group_id": "sg-090ff45d5d6ad1cd4",
"group_name": "launch-wizard-1",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 22,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 22
}
],
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"group_id": "sg-00b9a1b8acdc7534e",
"group_name": "launch-wizard-2",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 3389,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 3389
}
],
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"security_groups_with_world_open_ingress_count": 2,
"total_security_groups": 3,
"world_open_ingress_rule_count": 2
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users",
"result": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments",
"result": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture",
"result": {
"credential_report": null,
"password_policy": {
"exists": false
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"table": "identities"
},
"name": "aws_counts_by_resource_type",
"result": [
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4GJGPP5SM",
"create_date": "2026-02-08 19:33:09+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"create_date": "2026-02-08T19:30:25Z",
"groups": [],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": null,
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4CYQMP6UHX",
"user_name": "AbdulHadi"
},
"id": "6d519866-c220-41b0-83c6-d5e14834b931",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/AbdulHadi",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2025-12-10T19:58:27Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4FFOJTKWPM",
"user_name": "farhan"
},
"id": "3dd3242c-3245-4bec-88d1-c0f44d4ae9d8",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/farhan",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4N52MO3HS",
"create_date": "2026-02-08 19:38:08+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:33:09Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4O7C7EIDXC",
"user_name": "hamza"
},
"id": "25f6c6c3-3adf-44a0-9a63-32fa54914046",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/hamza",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:45:47Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4P6MJ4IIOH",
"user_name": "salman"
},
"id": "c4fb4290-7566-4858-96c8-674fbbddd870",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/salman",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"create_date": "2025-12-10T19:52:34Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4A2TYI27PZ",
"user_name": "shevyn"
},
"id": "ed2c9f51-1d08-4337-843d-c26b05eb69b6",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/shevyn",
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/Audit",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Condition": {},
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::154776478584:root"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"create_date": "2026-02-08T19:54:17Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/",
"role_id": "AROASICLFUN4FUDVXOMSL",
"role_name": "Audit",
"tags": {}
},
"id": "118a79b9-79bc-4df5-b14d-e0691f95f2e9",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/Audit",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "resource-explorer-2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"create_date": "2025-12-10T19:51:04Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/resource-explorer-2.amazonaws.com/",
"role_id": "AROASICLFUN4PYLZZXHFN",
"role_name": "AWSServiceRoleForResourceExplorer",
"tags": {}
},
"id": "e2e15aae-75f2-494d-9816-af1419651a0b",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "support.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/support.amazonaws.com/",
"role_id": "AROASICLFUN4F7UFKDGUO",
"role_name": "AWSServiceRoleForSupport",
"tags": {}
},
"id": "21d1632d-519e-4c93-9908-a5ef8c8577a7",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "trustedadvisor.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/trustedadvisor.amazonaws.com/",
"role_id": "AROASICLFUN4G7GX24OOQ",
"role_name": "AWSServiceRoleForTrustedAdvisor",
"tags": {}
},
"id": "5bcaa273-b7c8-4b97-a1ca-dc7cb453b956",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"resource_type": "iam_role"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture",
"result": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
}
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture"
}
]
}
}