bc21c340-5628-47b8-81e8-134cb8eadaed
— Retrievable via GET /ai/narratives/bc21c340-5628-47b8-81e8-134cb8eadaed
a. Define and document the types of accounts allowed and specifically prohibited for use within the system; b. Assign account managers; c. Require [Assignment: organization-defined prerequisites and criteria] for group and role membership; d. Specify: 1. Authorized users of the system; 2. Group and role membership; and 3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account; e. Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts; f. Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria]; g. Monitor the use of accounts; h. Notify account managers and [Assignment: organization-defined personnel or roles] within: 1. [FedRAMP Assignment: twenty-four (24) hours] when accounts are no longer required; 2. [FedRAMP Assignment: eight (8) hours] when users are terminated or transferred; and 3. [FedRAMP Assignment: eight (8) hours] when system usage or need-to-know changes for an individual; i. Authorize access to the system based on: 1. A valid access authorization; 2. Intended system usage; and 3. [Assignment: organization-defined attributes (as required)]; j. Review accounts for compliance with account management requirements [FedRAMP Assignment: monthly for privileged accessed, every six (6) months for non-privileged access]; k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and l. Align account management processes with personnel termination and transfer processes.
Responsible Role: Infrastructure, GRC, Account Manager, Customer Parameter AC-2(c): Account provisioning/deprovisioning process for FedRAMP accounts Parameter AC-2(d)(3): The organization attributes Parameter AC-2(e): Group Owners and ISSO Parameter AC-2(f): Access Control policies and procedures Parameter AC-2(h): Group Owners Parameter AC-2(h)(1): twenty-four (24) hours] when accounts are no longer required Parameter AC-2(h)(2): eight (8) hours Parameter AC-2(h)(3): eight (8) hours Parameter AC-2(i)(3): The organization account attributes (as required) Parameter AC-2(j): monthly for privileged accessed, every six (6) months for non-privileged access
☐ Implemented ☒ Partially Implemented ☐ Planned ☐ Alternative implementation ☐ Not Applicable
☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☒ Shared (Service Provider and Customer Responsibility) ☒ Inherited from pre-existing FedRAMP Authorization for {{INHERITED_AUTH_NAME}}, {{INHERITED_AUTH_DATE}}
AWS IAM users, roles, and groups provide system account constructs, and the underlying infrastructure security capabilities are inherited from Amazon Web Services (AWS) ({{INHERITED_AUTH_NAME}}, {{INHERITED_AUTH_DATE}}).
The organization governs allowed and prohibited account types through documented access control procedures and role governance artifacts, with ongoing refinements managed as controlled risk through continuous monitoring governance and POA&M tracking as applicable.
Customers define and document allowed/prohibited account types for their tenant environments consistent with their internal policies.
IAM administrative permissions are scoped to designated roles to support controlled execution of account management actions.
The organization assigns account managers (e.g., Group Owners) with documented responsibilities for approving access and overseeing lifecycle actions for FedRAMP-scoped identities, and alignment improvements are managed through standard change management and POA&M tracking as applicable.
Customers assign account managers for tenant-level identities and access changes within their environment.
IAM groups/roles and policy conditions support enforcement of group and role membership constraints for privileged access paths.
The organization defines prerequisites and criteria for role/group membership in documented access request procedures (e.g., business justification, least-privilege role selection, and required acknowledgements), and periodic reviews validate consistent application as control maturity evolves.
Customers establish and enforce their own prerequisites and criteria for tenant role/group membership.
IAM role assignments and attached policies provide the authoritative technical basis for authorized users, memberships, and privileges for infrastructure administration.
The organization maintains IAM user/role inventories (including credential reporting) to support identification of authorized users, group/role membership, and access authorizations, and enhancements to privilege mapping and least-privilege validation are managed through governance workflows and POA&M tracking as applicable.
Customers define authorized users, role/group membership, and access authorizations/attributes for tenant access consistent with their mission and risk posture.
Provisioning and modification actions are restricted to privileged IAM roles to support controlled execution and accountability.
The organization requires approvals by organization-defined roles (e.g., Group Owners and ISSO) through a documented request workflow prior to account creation, with approval/fulfillment traceability maintained as part of operational governance and periodic review.
Customers require approvals for tenant account creation consistent with their internal authorization processes.
AWS IAM lifecycle capabilities support account creation, modification, disabling, and removal actions for infrastructure identities.
The organization executes account lifecycle actions in accordance with documented access control policies and procedures using a governed workflow, and lifecycle process enhancements are incorporated through configuration management and standard change management as applicable.
Customers manage tenant account lifecycle actions in accordance with their organization-defined policies, procedures, prerequisites, and criteria.
Management-plane logging capabilities support monitoring of account usage and administrative events for security oversight.
The organization monitors account usage using IAM reporting and centralized log review processes, and planned improvements to audit trail coverage and alerting are prioritized through continuous monitoring activities and governance workflows.
Customers monitor account usage within their tenant using available logs, integrations, and administrative reporting features.
Workflow systems and event sources provide traceability to support time-bound notifications for account status changes.
The organization implements time-bound notification procedures aligned to FedRAMP requirements (24 hours / 8 hours / 8 hours) via governed workflow and operational coordination, with timeliness refinements tracked as managed risk through continuous monitoring governance and POA&M tracking as applicable.
Customers implement notification mechanisms for tenant account status changes within FedRAMP timeframes, including coordination with internal HR and security stakeholders.
IAM policy evaluation enforces access decisions based on authenticated identity, role authorization, and configured attributes/conditions.
The organization authorizes access based on validated access authorization, intended system usage, and organization-defined attributes as required through governed RBAC practices, with ongoing least-privilege validation supported by periodic access reviews.
Customers authorize tenant access based on valid authorization, intended usage, and organization-defined attributes as required.
IAM inventories and credential reporting support periodic review of privileged and non-privileged access populations.
The organization performs account reviews for compliance at FedRAMP-defined frequencies (monthly privileged; every six months non-privileged) using IAM inventories and documented review procedures, and remediation actions are managed through the access governance workflow and tracked to closure.
Customers conduct privileged and non-privileged access reviews for tenant accounts at the required FedRAMP frequencies and retain review results per their records practices.
IAM credential mechanisms support authenticator rotation for any approved shared or group access mechanisms when used.
The organization maintains documented procedures to rotate shared/group account authenticators upon personnel removal when such accounts are approved for use, and adherence is validated through periodic account reviews and governance oversight.
Customers establish and implement authenticator rotation procedures for any shared/group tenant accounts when individuals are removed from the group.
Identity lifecycle controls support timely disablement/removal aligned to personnel status changes when executed through governed workflows.
The organization aligns account management with personnel termination and transfer processes through documented joiner/mover/leaver procedures and controlled workflows, and enhancements to timeliness and integration are managed through configuration management and continuous monitoring governance.
Customers align tenant account management with their personnel termination and transfer processes, including timely access removal and role changes.
High-level planning + tools used (no chain-of-thought). This helps validate the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
aws_default_evidence_snapshot |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_counts_by_resource_type |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_policy",
"table": "identities"
} |
ok |
aws_summarize_iam_users |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_iam_authentication_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_iam_policy_attachments |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
aws_summarize_cloudtrail_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
} |
ok |
The exact evidence data the AI model used to generate this narrative. Stored with every generated narrative for traceability (AU-3).
{
"account_id": "154776478584",
"analysis": {
"assessor_summary": [
"Verify processes for provisioning, modifying, disabling, and removing user and service accounts.",
"Confirm account lifecycle aligns to HR/joiner-mover-leaver events and documented approvals.",
"Validate periodic account reviews, including privileged and shared accounts, and timely remediation.",
"Assess enforcement of least privilege via role/group assignments and access authorization.",
"Ensure account activity and administrative actions are logged and monitored."
],
"evidence_needs": [
"Account management policy/procedures (provisioning, modification, disabling, deletion)",
"Access request and approval records (tickets/workflows) for account creation and changes",
"Joiner-mover-leaver (JML) process documentation and sample HR-to-IT triggers",
"User and service account inventory/export from IdP/directory (including status, last login, owner)",
"Privileged account inventory and administration procedures (PAM where applicable)",
"Role/group mapping documentation and access authorization model (RBAC/ABAC)",
"Periodic access review/recertification reports and evidence of remediation/closure",
"Termination/disablement evidence showing timeliness (sampled accounts)",
"Shared/generic account justification, approval, and compensating controls (if any exist)",
"Logging/audit evidence for account administration events (create/modify/disable/delete) and monitoring rules"
],
"preferred_tables": [
"identities"
]
},
"control_id": "AC-2",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"narrative_generation": {
"implementation_status": "Partially Implemented",
"saved_via": "human_acceptance"
},
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_policy",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture"
}
],
"tool_outputs": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [
{
"attachments": [
{
"attach_time": "2022-09-10 19:16:37+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0322a28bf1a8a68c5",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-0402ca2f2f3be9e94"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sdb",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-017cf162462cc1786"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 20,
"volume_id": "vol-05e6fd7a0bd29300e"
}
],
"total_volumes": 3,
"unencrypted_volumes_count": 3
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [
{
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"states": {
"stopped": 2
},
"total_instances": 2
},
"iam_authentication_posture": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-03-05T15:34:43Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
},
"iam_policy_attachments": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
},
"network_boundary": {
"counts_by_resource_type": {
"internet_gateway": 1,
"network_acl": 1,
"route_table": 1,
"security_group": 3,
"subnet": 6,
"vpc": 1
},
"sample": {
"internet_gateway": [
{
"id": "igw-0c2d9b6f737cc026e",
"region": "us-east-1",
"summary": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"nat_gateway": [],
"network_acl": [
{
"id": "acl-06660319533dddb32",
"region": "us-east-1",
"summary": {
"associations": [
{
"network_acl_association_id": "aclassoc-0c29b39b3fcdfb473",
"subnet_id": "subnet-006336d9696975386"
},
{
"network_acl_association_id": "aclassoc-0618ec8477cd3a5d2",
"subnet_id": "subnet-0b8c568bc3659b486"
},
{
"network_acl_association_id": "aclassoc-02f93f4972febca91",
"subnet_id": "subnet-0c567848e2f3285b9"
},
{
"network_acl_association_id": "aclassoc-0dcb08e13e94dc611",
"subnet_id": "subnet-05c9a438bb7c68867"
},
{
"network_acl_association_id": "aclassoc-0b2e9a777557a332d",
"subnet_id": "subnet-0b3e792cb9abb6b15"
},
{
"network_acl_association_id": "aclassoc-01cbb62a80cdc5353",
"subnet_id": "subnet-06c23e873cdba6e94"
}
],
"entries": [
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
}
],
"is_default": true,
"network_acl_id": "acl-06660319533dddb32",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"route_table": [
{
"id": "rtb-0e286a42d0f5851da",
"region": "us-east-1",
"summary": {
"associations": [
{
"association_id": "rtbassoc-04fbdfbd5f3d513a8",
"gateway_id": null,
"main": true,
"subnet_id": null
}
],
"route_table_id": "rtb-0e286a42d0f5851da",
"routes": [
{
"destination_cidr_block": "172.31.0.0/16",
"destination_ipv6_cidr_block": null,
"gateway_id": "local",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRouteTable",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
},
{
"destination_cidr_block": "0.0.0.0/0",
"destination_ipv6_cidr_block": null,
"gateway_id": "igw-0c2d9b6f737cc026e",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRoute",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
}
],
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [
{
"group_id": "sg-090ff45d5d6ad1cd4",
"group_name": "launch-wizard-1",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 22,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 22
}
],
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"group_id": "sg-00b9a1b8acdc7534e",
"group_name": "launch-wizard-2",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 3389,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 3389
}
],
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"security_groups_with_world_open_ingress_count": 2,
"total_security_groups": 3,
"world_open_ingress_rule_count": 2
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type",
"result": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4GJGPP5SM",
"create_date": "2026-02-08 19:33:09+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"create_date": "2026-02-08T19:30:25Z",
"groups": [],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": null,
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4CYQMP6UHX",
"user_name": "AbdulHadi"
},
"id": "75fa7608-06f4-4dc6-9bb5-abe0d60bdb08",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/AbdulHadi",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2025-12-10T19:58:27Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4FFOJTKWPM",
"user_name": "farhan"
},
"id": "669a555a-fe1e-4be8-8151-8dcc25422707",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/farhan",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4N52MO3HS",
"create_date": "2026-02-08 19:38:08+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:33:09Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4O7C7EIDXC",
"user_name": "hamza"
},
"id": "cc9947b6-1165-4df6-b590-b2560410bb4e",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/hamza",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:45:47Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4P6MJ4IIOH",
"user_name": "salman"
},
"id": "10d5cfbd-65f0-4705-951d-84222a276be1",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/salman",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"create_date": "2025-12-10T19:52:34Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4A2TYI27PZ",
"user_name": "shevyn"
},
"id": "b7ae138f-55fe-4ec5-8c0b-c3f22f80f1b5",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/shevyn",
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/Audit",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Condition": {},
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::154776478584:root"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"create_date": "2026-02-08T19:54:17Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/",
"role_id": "AROASICLFUN4FUDVXOMSL",
"role_name": "Audit",
"tags": {}
},
"id": "c723d06e-4946-4572-938a-8f8726b4a2f2",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/Audit",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "resource-explorer-2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"create_date": "2025-12-10T19:51:04Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/resource-explorer-2.amazonaws.com/",
"role_id": "AROASICLFUN4PYLZZXHFN",
"role_name": "AWSServiceRoleForResourceExplorer",
"tags": {}
},
"id": "1e7de94a-72a7-4400-a63c-9c8068f0d93c",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "support.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/support.amazonaws.com/",
"role_id": "AROASICLFUN4F7UFKDGUO",
"role_name": "AWSServiceRoleForSupport",
"tags": {}
},
"id": "7c22a4db-3995-4ff7-92d1-0847110e1761",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "trustedadvisor.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/trustedadvisor.amazonaws.com/",
"role_id": "AROASICLFUN4G7GX24OOQ",
"role_name": "AWSServiceRoleForTrustedAdvisor",
"tags": {}
},
"id": "6952bf28-57b8-45d5-9a53-9a2767a42218",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"resource_type": "iam_role"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records",
"result": []
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_policy",
"table": "identities"
},
"name": "aws_list_records",
"result": []
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users",
"result": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-05T15:34:43Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture",
"result": {
"credential_report": {
"access_key_1_active_count": 2,
"access_key_2_active_count": 0,
"mfa_active_count": 1,
"password_enabled_count": 5,
"root_mfa_active": "true",
"sample_users": [
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "false",
"password_last_used": "N/A",
"user": "AbdulHadi"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2025-12-11T17:46:35Z",
"user": "farhan"
},
{
"access_key_1_active": "true",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-03-05T15:34:43Z",
"user": "hamza"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T23:13:07Z",
"user": "salman"
},
{
"access_key_1_active": "false",
"access_key_2_active": "false",
"mfa_active": "false",
"password_enabled": "true",
"password_last_used": "2026-02-06T14:39:51Z",
"user": "shevyn"
}
],
"total_rows": 6
},
"password_policy": {
"exists": false
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments",
"result": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture",
"result": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
}
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"table": "identities"
},
"name": "aws_counts_by_resource_type"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"limit": 50,
"resource_type": "iam_policy",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45"
},
"name": "aws_summarize_cloudtrail_posture"
}
]
}
}