a95b7d15-f14e-46ac-96cc-f58d0c456cb1
— Retrievable via GET /ai/narratives/a95b7d15-f14e-46ac-96cc-f58d0c456cb1
The organization:
(a) Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
(b) Assigns account managers for information system accounts;
(c) Establishes conditions for group and role membership;
(d) Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
(e) Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
(f) Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
(g) Monitors the use of information system accounts;
(h) Notifies account managers:
(1) When accounts are no longer required;
(2) When users are terminated or transferred; and
(3) When individual information system usage or need-to-know changes;
(i) Authorizes access to the information system based on:
(1) A valid access authorization;
(2) Intended system usage; and
(3) Other attributes as required by the organization or associated missions/business functions;
(j) Reviews accounts for compliance with account management requirements [FedRAMP Assignment: at least annually]; and
(k) Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
Responsible Role: Dragon Program Manager, Dragon Security Engineer, Dragon System Administrator, Dragon Network Administrator, Dragon Domain Administrator, Dragon Security Analyst, Dragon Customer, Customer System Owner
| Parameter | Prompt | Dragon Value |
|---|---|---|
| AC-2(a) | Assignment: organization-defined information system account types | AWS IAM users, IAM roles, AWS service roles, and OS/application accounts. |
| AC-2(e) | Assignment: organization-defined personnel or roles | Dragon Program Manager and Dragon System Administrator; Customer System Owner for customer users. |
| AC-2(f) | Assignment: organization-defined procedures or conditions | Documented JML workflow with ticket approvals; disable on termination; remove when no longer required. |
| AC-2(j) | FedRAMP Assignment: at least annually | Annual account recertification by account managers with remediation tracking. |
Implementation Status (check all that apply):
☐ Implemented
☒ Partially implemented
☐ Planned
☐ Alternative implementation
☐ Not applicable
Control Origination (check all that apply):
☐ Service Provider Corporate
☒ Service Provider System Specific
☒ Service Provider Hybrid (Corporate and System Specific)
☐ Configured by Customer (Customer System Specific)
☐ Provided by Customer (Customer System Specific)
☒ Shared (Service Provider and Customer Responsibility)
☒ Inherited from pre-existing FedRAMP Authorization for AI-Agent , Date of Authorization 02/18/2026
| Part | Requirement | Dragon Implementation | Inheritance | Customer Responsibility |
|---|---|---|---|---|
| a | Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types]. | Dragon uses AWS IAM users and roles; snapshot shows 5 IAM users and 4 IAM roles in account 154776478584. Account type inventory for OS and application accounts is Not evidenced. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Identify customer user and application account types in Dragon scope. |
| b | Assigns account managers for information system accounts. | Account manager assignments for each IAM user/role are Not evidenced (no inventory with owner/manager fields provided). Snapshot only shows IAM identities counts (5 users, 4 roles). | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Assign account managers for all customer-managed accounts. |
| c | Establishes conditions for group and role membership. | Group membership is configured in IAM; 4 of 5 users are members of AdminGroup per snapshot. Conditions/criteria for membership approval and separation of duties are Not evidenced. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Define and approve customer role/group membership criteria. |
| d | Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account. | IAM authorizations are set via group/policy attachments; snapshot shows AdministratorAccess attached to 4 users and SecurityAudit attached to role Audit. Attribute governance (purpose, owner, ticket reference) is Not evidenced. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Provide least-privilege requirements and approved access attributes for customer users. |
| e | Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts. | Approval workflow for account creation is Not evidenced in snapshot; requires procedural artifacts (e.g., access request tickets and approvals). Current IAM state shows 5 users without associated approval evidence. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Approve customer user provisioning requests before account creation. |
| f | Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions]. | Account lifecycle procedures and execution evidence are Not evidenced in snapshot. CloudTrail is not configured (total_trails=0), limiting ability to evidence create/modify/disable events and actors. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Perform timely joiner/mover/leaver actions for customer-managed identities. |
| g | Monitors the use of information system accounts. | Account monitoring is not effectively implemented; CloudTrail is absent (total_trails=0) and CloudWatch log groups are absent (total_log_groups=0), so IAM activity monitoring and alerting are not evidenced. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Review account activity reports and respond to access anomalies. |
| h | Notifies account managers: (1) When accounts are no longer required; (2) When users are terminated or transferred; and (3) When individual information system usage or need-to-know changes. | Notification process (e.g., HR/Customer System Owner notices to account managers) is Not evidenced in snapshot; requires procedural artifacts. No automated notification configuration is evidenced due to missing CloudTrail/logging. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Notify Dragon of terminations/transfers and access changes promptly. |
| i | Authorizes access to the information system based on: (1) A valid access authorization; (2) Intended system usage; and (3) Other attributes as required by the organization or associated missions/business functions. | Access authorization is not effectively enforced; snapshot shows 0 of 5 IAM users have MFA enabled (mfa_enabled_count=0) and 4 users have AdministratorAccess attached. Root MFA is enabled (root_mfa_active=true). | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Ensure customer access requests include justification, role, and intended usage. |
| j | Reviews accounts for compliance with account management requirements [FedRAMP Assignment: at least annually]. | Annual account review evidence is Not evidenced. Snapshot indicates compliance issues requiring review remediation (MFA enabled for 0/5 IAM users; 2 active access keys). | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Participate in annual recertification and remove unneeded customer access. |
| k | Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group. | Process for shared/group credential reissuance is Not evidenced. IAM group usage exists (AdminGroup includes 4 users), but shared credential management procedures are not provided. | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure. (FedRAMP Authorization for AI-Agent, 02/18/2026) | Rotate any customer-shared credentials when membership changes. |
High-level planning + tools used (no chain-of-thought). This helps validate the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
aws_default_evidence_snapshot |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
aws_counts_by_resource_type |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
} |
ok |
aws_summarize_iam_users |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
aws_summarize_iam_policy_attachments |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
aws_summarize_iam_authentication_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
aws_summarize_cloudtrail_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
aws_summarize_cloudwatch_log_groups |
{
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
} |
ok |
The exact evidence data the AI model used to generate this narrative. Stored with every generated narrative for traceability (AU-3).
{
"account_id": "154776478584",
"analysis": {
"assessor_summary": [
"Establish and maintain an inventory of all system accounts (user, admin, service, and application).",
"Define and enforce account lifecycle processes for request, approval, creation, modification, review, and deprovisioning.",
"Implement periodic account reviews and remove/disable inactive, unnecessary, or unauthorized accounts.",
"Ensure privilege assignments follow least privilege and are tied to approved roles and job functions.",
"Centralize account management where feasible and log account-related administrative actions."
],
"evidence_needs": [
"Account management policy and procedures (account lifecycle, approvals, deprovisioning, service accounts)",
"Authoritative user/identity source documentation (e.g., IdP/Directory design and scope)",
"System account inventory exports (all account types) with attributes (owner, role, status, last login, created/modified dates)",
"Account request and approval records (tickets/workflows) including access justification",
"Provisioning and deprovisioning workflow evidence (joiner/mover/leaver) with time-to-disable/terminate examples",
"Periodic account review/recertification results, reviewer attestations, and remediation tracking",
"Inactive/dormant account handling configuration and evidence (disable thresholds, exceptions, monitoring)",
"Privileged account management evidence (admin account listing, role mappings, separation of duties, elevation controls)",
"Service/shared account governance evidence (ownership, purpose, credential rotation, usage restrictions)",
"Account management configuration screenshots/exports (directory settings, group/role assignments, automated provisioning rules)",
"Audit logs showing account creation/modification/disable/enable events and who performed them",
"Exception/waiver documentation for deviations (e.g., legacy systems) with compensating controls"
],
"preferred_tables": [
"identities",
"assets"
]
},
"control_id": "AC-2",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudwatch_log_groups"
}
],
"tool_outputs": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [
{
"attachments": [
{
"attach_time": "2022-09-10 19:16:37+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0322a28bf1a8a68c5",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-0402ca2f2f3be9e94"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sdb",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-017cf162462cc1786"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 20,
"volume_id": "vol-05e6fd7a0bd29300e"
}
],
"total_volumes": 3,
"unencrypted_volumes_count": 3
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [
{
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"states": {
"stopped": 2
},
"total_instances": 2
},
"iam_authentication_posture": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-08T18:30:20Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
},
"iam_policy_attachments": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-08T18:30:20Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
},
"network_boundary": {
"counts_by_resource_type": {
"internet_gateway": 1,
"network_acl": 1,
"route_table": 1,
"security_group": 3,
"subnet": 6,
"vpc": 1
},
"sample": {
"internet_gateway": [
{
"id": "igw-0c2d9b6f737cc026e",
"region": "us-east-1",
"summary": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"nat_gateway": [],
"network_acl": [
{
"id": "acl-06660319533dddb32",
"region": "us-east-1",
"summary": {
"associations": [
{
"network_acl_association_id": "aclassoc-0c29b39b3fcdfb473",
"subnet_id": "subnet-006336d9696975386"
},
{
"network_acl_association_id": "aclassoc-0618ec8477cd3a5d2",
"subnet_id": "subnet-0b8c568bc3659b486"
},
{
"network_acl_association_id": "aclassoc-02f93f4972febca91",
"subnet_id": "subnet-0c567848e2f3285b9"
},
{
"network_acl_association_id": "aclassoc-0dcb08e13e94dc611",
"subnet_id": "subnet-05c9a438bb7c68867"
},
{
"network_acl_association_id": "aclassoc-0b2e9a777557a332d",
"subnet_id": "subnet-0b3e792cb9abb6b15"
},
{
"network_acl_association_id": "aclassoc-01cbb62a80cdc5353",
"subnet_id": "subnet-06c23e873cdba6e94"
}
],
"entries": [
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
}
],
"is_default": true,
"network_acl_id": "acl-06660319533dddb32",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"route_table": [
{
"id": "rtb-0e286a42d0f5851da",
"region": "us-east-1",
"summary": {
"associations": [
{
"association_id": "rtbassoc-04fbdfbd5f3d513a8",
"gateway_id": null,
"main": true,
"subnet_id": null
}
],
"route_table_id": "rtb-0e286a42d0f5851da",
"routes": [
{
"destination_cidr_block": "172.31.0.0/16",
"destination_ipv6_cidr_block": null,
"gateway_id": "local",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRouteTable",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
},
{
"destination_cidr_block": "0.0.0.0/0",
"destination_ipv6_cidr_block": null,
"gateway_id": "igw-0c2d9b6f737cc026e",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRoute",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
}
],
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [
{
"group_id": "sg-090ff45d5d6ad1cd4",
"group_name": "launch-wizard-1",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 22,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 22
}
],
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"group_id": "sg-00b9a1b8acdc7534e",
"group_name": "launch-wizard-2",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 3389,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 3389
}
],
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"security_groups_with_world_open_ingress_count": 2,
"total_security_groups": 3,
"world_open_ingress_rule_count": 2
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"table": "identities"
},
"name": "aws_counts_by_resource_type",
"result": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4GJGPP5SM",
"create_date": "2026-02-08 19:33:09+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"create_date": "2026-02-08T19:30:25Z",
"groups": [],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": null,
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4CYQMP6UHX",
"user_name": "AbdulHadi"
},
"id": "71f3e79e-52a6-42d5-8984-e28453241b96",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/AbdulHadi",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2025-12-10T19:58:27Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4FFOJTKWPM",
"user_name": "farhan"
},
"id": "3a3b38d1-fe91-4a92-a667-17b02da07aac",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/farhan",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4N52MO3HS",
"create_date": "2026-02-08 19:38:08+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:33:09Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-08T18:30:20Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4O7C7EIDXC",
"user_name": "hamza"
},
"id": "ba3e9f4c-a6b0-4c7e-af07-e1a2a3d6377e",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/hamza",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:45:47Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4P6MJ4IIOH",
"user_name": "salman"
},
"id": "fd77b439-e173-4562-aa7b-f8f4229396ea",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/salman",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"create_date": "2025-12-10T19:52:34Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4A2TYI27PZ",
"user_name": "shevyn"
},
"id": "e7a0881b-6ebe-4e7b-ae1d-b91a6c14fb73",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/shevyn",
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/Audit",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Condition": {},
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::154776478584:root"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"create_date": "2026-02-08T19:54:17Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/",
"role_id": "AROASICLFUN4FUDVXOMSL",
"role_name": "Audit",
"tags": {}
},
"id": "ac3ded2d-004d-4a36-b67d-dd16ef3ec0d5",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/Audit",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "resource-explorer-2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"create_date": "2025-12-10T19:51:04Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/resource-explorer-2.amazonaws.com/",
"role_id": "AROASICLFUN4PYLZZXHFN",
"role_name": "AWSServiceRoleForResourceExplorer",
"tags": {}
},
"id": "6d2c02a7-4f7e-420e-825e-41c849a202e7",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "support.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/support.amazonaws.com/",
"role_id": "AROASICLFUN4F7UFKDGUO",
"role_name": "AWSServiceRoleForSupport",
"tags": {}
},
"id": "5de45dcb-083b-452e-b127-1327715fe816",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "trustedadvisor.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/trustedadvisor.amazonaws.com/",
"role_id": "AROASICLFUN4G7GX24OOQ",
"role_name": "AWSServiceRoleForTrustedAdvisor",
"tags": {}
},
"id": "15c72406-31a6-41e7-87cf-6681d51dae84",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"resource_type": "iam_role"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records",
"result": []
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_users",
"result": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-08T18:30:20Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_policy_attachments",
"result": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_authentication_posture",
"result": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-08T18:30:20Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudtrail_posture",
"result": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudwatch_log_groups",
"result": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
}
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "c0d8f077-c4ed-4995-a78d-e4810167baf7"
},
"name": "aws_summarize_cloudwatch_log_groups"
}
]
}
}