fe8ed0ec-a796-4431-a322-2d36e7336640
— Retrievable via GET /ai/narratives/fe8ed0ec-a796-4431-a322-2d36e7336640
AC-2 Account Management (L)(M)(H) - Moderate a. Define and document the types of accounts allowed and specifically prohibited for use within the system; b. Assign account managers; c. Require [Assignment: organization-defined prerequisites and criteria] for group and role membership; d. Specify: 1. Authorized users of the system; 2. Group and role membership; and 3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account; e. Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts; f. Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria]; g. Monitor the use of accounts; h. Notify account managers and [Assignment: organization-defined personnel or roles] within: 1. [FedRAMP Assignment: twenty-four (24) hours] when accounts are no longer required; 2. [FedRAMP Assignment: eight (8) hours] when users are terminated or transferred; and 3. [FedRAMP Assignment: eight (8) hours] when system usage or need-to-know changes for an individual; i. Authorize access to the system based on: 1. A valid access authorization; 2. Intended system usage; and 3. [Assignment: organization-defined attributes (as required)]; j. Review accounts for compliance with account management requirements [FedRAMP Assignment: monthly for privileged accessed, every six (6) months for non-privileged access]; k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and l. Align account management processes with personnel termination and transfer processes. AC-2 Control Summary Information Responsible Role: Infrastructure, GRC, Account Manager, Customer Parameter AC-2(c): Account provisioning/deprovisioning process for FedRAMP accounts Parameter AC-2(d)(3): The organization attributes Parameter AC-2(e): Group Owners and ISSO Parameter AC-2(f): Access Control policies and procedures Parameter AC-2(h): Group Owners Parameter AC-2(h)(1): twenty-four (24) hours] when accounts are no longer required Parameter AC-2(h)(2): eight (8) hours Parameter AC-2(h)(3): eight (8) hours Parameter AC-2(i)(3): The organization account attributes (as required) Parameter AC-2(j): monthly for privileged accessed, every six (6) months for non-privileged access Implementation Status (check all that apply): ☐ Implemented ☒ Partially Implemented ☐ Planned ☐ Alternative implementation ☐ Not Applicable Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☒ Shared (Service Provider and Customer Responsibility) ☒ Inherited from pre-existing FedRAMP Authorization for AI-Agent, 02/18/2026
AC-2 What is the solution and how is it implemented? Part a: Infrastructure: The organization implements account management on AWS, inheriting underlying account and identity service capabilities from the AWS FedRAMP authorization boundary (AI-Agent, 02/18/2026). AWS IAM constructs (users, roles, groups, and service-linked roles) are used to support system administration and service operations within the authorized environment.
Application:
The organization maintains governance for account type usage through documented access control policies and procedures intended to define allowed and prohibited account types for the system, including named individual accounts for workforce users, role-based administrative access, and service accounts aligned to operational needs. Current implementation reflects use of AWS IAM users and roles (including a designated audit-oriented role mapped to the AWS managed “SecurityAudit” policy), group-based privileged access assignments (e.g., administrative group membership), and AWS service-linked roles required for AWS service integration.
As part of continuous monitoring, the organization is formalizing and consolidating account type definitions (e.g., user/privileged/service/system), prohibited account classes, and lifecycle requirements; residual risk and completion activities are tracked through the POA&M process and reviewed as part of ongoing security governance.
Customer Responsibility: Customers are responsible for defining and documenting allowed/prohibited account types for identities they administer within their tenant and for ensuring tenant-specific identities align to organizational policies and FedRAMP expectations. The organization provides an initial tenant administrator capability (as applicable) to enable customer onboarding and delegated administration.
Part b: Infrastructure: The organization leverages AWS IAM administrative constructs within the AWS authorized environment (AI-Agent, 02/18/2026) to support assignment of account administration responsibilities through role-based access and delegated permissions.
Application: The organization assigns account management responsibilities to designated personnel (e.g., Account Managers/Group Owners) with oversight by GRC and security leadership. Privileged access administration is implemented using AWS IAM group-based assignments for administrative users, supporting clear delineation of privileged account administrators. Requests and changes are governed through documented procedures and tracked through the organization’s ticketing workflow to provide accountability (requestor, approver, implementer, timestamps, and closure). Where process standardization enhancements are in progress (e.g., formal assignment records for all account categories), the organization manages residual risk through continuous monitoring and POA&M tracking.
Customer Responsibility: Customers assign account managers for customer-managed users and privileges within their tenant scope and ensure customer-side administrative responsibilities are documented and executed in accordance with their internal governance.
Part c: Infrastructure: AWS IAM provides the technical enforcement mechanisms for prerequisites and criteria associated with group and role membership (AI-Agent, 02/18/2026), including managed policies, role trust policies, and conditional access controls.
Application:
The organization applies organization-defined prerequisites and criteria for privileged group and role membership, including documented business justification, role alignment (least privilege), and approval by designated access authorities. Implementation uses AWS IAM groups/roles to enforce entitlement boundaries (e.g., administrative group membership and an audit-oriented role).
The organization is strengthening formal documentation and evidence retention for prerequisites (e.g., MFA requirements, password policy alignment, and training/Rules of Behavior prerequisites where applicable) to ensure consistent application across all account types. These enhancements and associated timelines are managed through the POA&M process as part of continuous monitoring.
Customer Responsibility: Customers define and enforce prerequisites for customer-managed tenant roles and groups, including any customer-specific attribute requirements, approval workflows, and onboarding requirements.
Part d: Infrastructure: AWS IAM provides authoritative constructs to define authorized users, role/group memberships, and access authorizations through policies, permissions boundaries, and role assumptions (AI-Agent, 02/18/2026).
Application:
The organization specifies authorized users, privileged role/group membership, and access authorizations using AWS IAM users, roles, and groups. Current implementation includes named IAM users and assigned privileged group membership for administrative functions, as well as an audit-oriented role aligned to read-only audit permissions (AWS managed “SecurityAudit” policy). Service-linked roles are used to support AWS services as required for platform functionality.
The organization is maturing authoritative account inventory and attribute documentation (e.g., owner, purpose, authorized user, role/group membership, and entitlements) to strengthen traceability and support periodic recertification. Inventory and attribute standardization activities are tracked in the POA&M and reviewed through continuous monitoring.
Customer Responsibility: Customers are responsible for specifying authorized users, group and role membership, and access authorizations for identities they manage within their tenant scope, including any customer-defined attributes required to support their mission and compliance obligations.
Part e: Infrastructure: AWS IAM supports enforcement of controlled account creation via privileged administrative roles and permission scoping (AI-Agent, 02/18/2026), enabling separation between request/approval and technical provisioning.
Application:
The organization requires approvals by organization-defined personnel/roles (e.g., Group Owners/Account Managers and security leadership/ISSO as applicable) prior to provisioning accounts or granting privileged access. Approvals are governed through documented procedures and captured through the organization’s access request workflow to maintain an auditable record of approvals and implementation actions.
Where enhancements are underway to ensure consistent evidence retention and standardized approval criteria across all account types and environments, the organization manages residual risk through POA&M tracking and continuous monitoring.
Customer Responsibility: Customers are responsible for requiring approvals for tenant-level account creation and access changes under customer administration, consistent with customer governance and FedRAMP timelines where applicable.
Part f: Infrastructure: AWS IAM provides the mechanisms to create, enable, modify, disable, and remove accounts and associated entitlements (AI-Agent, 02/18/2026), including user/role lifecycle operations and policy management.
Application:
The organization executes account lifecycle actions (create/enable/modify/disable/remove) through AWS IAM administrative processes aligned to documented access control procedures. Account constructs in use (IAM users, roles, groups, and service-linked roles) support controlled entitlement assignment and administrative segregation. Lifecycle actions are intended to be initiated through the ticketing workflow with approval, implementation, and closure evidence retained for auditability.
The organization is further formalizing account lifecycle procedures to fully address AC-2 requirements (a)-(l), including explicit lifecycle criteria, prerequisites, and standardized evidence for all lifecycle events; associated activities are tracked via POA&M and reviewed through continuous monitoring.
Customer Responsibility: Customers manage lifecycle actions for customer-controlled identities within their tenant scope, including timely deprovisioning and entitlement changes according to customer policy and FedRAMP requirements applicable to their environment.
Part g: Infrastructure: AWS provides native logging sources for account usage monitoring (e.g., AWS CloudTrail and related services) within the authorized environment (AI-Agent, 02/18/2026), supporting collection of IAM and management-plane activity.
Application:
The organization monitors account usage through security monitoring processes intended to identify suspicious or unauthorized activity, including privileged role usage and account management events. Current implementation includes role-based access constructs that support monitoring of privileged access paths; the organization is strengthening audit logging coverage for account management activity (e.g., CloudTrail enablement and central log integration/retention) as part of continuous monitoring.
Logging and monitoring enhancements, including retention alignment and operational review/alerting for account management events, are managed risk and tracked through the POA&M process.
Customer Responsibility: Customers monitor account usage for customer-managed identities and activities within their tenant scope, including review of customer-available logs and any customer-operated monitoring integrations.
Part h: Infrastructure: AWS IAM and logging services support time-bound notification and traceability for account lifecycle events through administrative actions and recorded events (AI-Agent, 02/18/2026).
Application:
The organization’s procedures require notification to account managers and organization-defined personnel/roles within FedRAMP-defined timelines for account status changes:
1. Within twenty-four (24) hours when accounts are no longer required;
2. Within eight (8) hours when users are terminated or transferred; and
3. Within eight (8) hours when system usage or need-to-know changes for an individual.
Notifications are operationalized through the organization’s workflow-based request process and supporting security operations monitoring. The organization is maturing the evidentiary linkage between HR/personnel events, access change initiation, and completion timestamps to consistently demonstrate adherence to the defined SLAs; this maturation is tracked in the POA&M and evaluated through continuous monitoring.
Customer Responsibility: Customers implement notification mechanisms and operational procedures for customer-managed identities within their tenant, aligning customer actions to FedRAMP notification timeframes where applicable to customer administration.
Part i: Infrastructure: AWS IAM enforces access authorization through policies, role assumption, and conditional controls within the authorized AWS environment (AI-Agent, 02/18/2026).
Application:
The organization authorizes access based on (1) valid access authorization, (2) intended system usage, and (3) organization-defined attributes as required. Access is implemented using AWS IAM roles/groups/policies, including privileged administrative group membership and an audit-oriented role aligned to audit functions. Authorization decisions are governed through documented approval workflows and are intended to be revalidated through periodic reviews (Part j).
Where additional attribute documentation and least-privilege refinement are being expanded (e.g., RBAC purpose statements and minimization of broad administrative entitlements), the organization manages residual risk through continuous monitoring and POA&M tracking.
Customer Responsibility: Customers authorize and manage access for customer-controlled identities within their tenant scope, including ensuring authorizations align to intended usage, valid approvals, and customer-defined attributes.
Part j: Infrastructure: AWS IAM supports periodic account review through reporting/export capabilities and inspection of users, roles, groups, and attached policies (AI-Agent, 02/18/2026).
Application:
The organization performs periodic account reviews aligned to FedRAMP requirements: monthly for privileged access and every six (6) months for non-privileged access. Reviews are governed by documented procedures and include evaluation of privileged group membership, role assignments, and continued need for access. Findings are tracked to closure through the organization’s remediation and ticketing processes, with outcomes recorded for audit support.
The organization is further strengthening review evidence artifacts (e.g., authoritative account inventory exports with required attributes, documented reviewer sign-off, exception handling, and remediation completion evidence). Enhancements and residual risk are tracked in the POA&M and reviewed through continuous monitoring.
Customer Responsibility: Customers conduct periodic reviews for customer-managed identities within their tenant scope at the required frequencies and track remediation outcomes according to customer governance.
Part k: Infrastructure: AWS IAM provides mechanisms to rotate or change authenticators/credentials (where applicable) and to control access to shared emergency mechanisms within the authorized environment (AI-Agent, 02/18/2026).
Application:
The organization maintains procedures addressing shared/group account authenticator changes for scenarios where such mechanisms are used (e.g., emergency/break-glass). Current account management implementation emphasizes named user accounts and role-based access; where shared/group authenticators are introduced for defined use cases, the organization’s procedures require prompt authenticator change when individuals are removed, with changes tracked and approved through the organization’s workflow. Periodic reviews (Part j) include validation activities intended to identify and manage any shared account risks.
Formalization of shared authenticator governance, including evidence retention and verification steps (if such accounts are used), is managed as part of continuous monitoring and tracked through the POA&M as applicable.
Customer Responsibility: Customers establish and implement processes to change shared/group account authenticators for customer-managed shared mechanisms (if used) within their tenant scope, including timely rotation upon membership changes.
Part l: Infrastructure: AWS IAM supports timely deprovisioning and access modification aligned to personnel status changes through administrative enforcement and auditable changes (AI-Agent, 02/18/2026).
Application:
The organization aligns account management processes with personnel termination and transfer processes through coordinated HR/security operations procedures intended to initiate timely access changes, deprovisioning, and entitlement adjustments. Account lifecycle actions are tracked through workflow mechanisms and monitored through security operations processes to support required timelines and accountability.
The organization is strengthening end-to-end linkage evidence (HR trigger → access change request → completion within SLA) to support consistent demonstration of alignment with FedRAMP timelines; these enhancements are tracked through the POA&M and reviewed through continuous monitoring. Related personnel controls are addressed in PS-family control narratives.
Customer Responsibility: Customers align customer-managed account actions with customer personnel termination and transfer processes within their tenant scope, including timely revocation and modification of access based on personnel status changes.
High-level planning + tools used (no chain-of-thought). This helps validate the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
aws_default_evidence_snapshot |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_authentication_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_users |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_iam_policy_attachments |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
} |
ok |
aws_list_records |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
} |
ok |
aws_summarize_cloudtrail_posture |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
aws_summarize_cloudwatch_log_groups |
{
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
} |
ok |
The exact evidence data the AI model used to generate this narrative. Stored with every generated narrative for traceability (AU-3).
{
"account_id": "154776478584",
"analysis": {
"assessor_summary": [
"Define and document account lifecycle processes (provisioning, modification, disabling, removal).",
"Maintain an authoritative inventory of user, privileged, service, and system accounts.",
"Enforce role-based access, approvals, and separation of duties for account actions.",
"Implement periodic account reviews/recertifications with evidence of remediation.",
"Apply least privilege, disable inactive/unused accounts, and promptly remove terminated users.",
"Log and monitor account management events and privileged account activity."
],
"evidence_needs": [
"Account management policy and procedures (lifecycle, approvals, deprovisioning timelines)",
"System Security Plan (SSP) control implementation statement for AC-2",
"Authoritative account inventory export (users, admins, service accounts) with key attributes",
"Role/group/entitlement mapping documentation (RBAC model, group purpose statements)",
"Provisioning and deprovisioning workflow artifacts (tickets/requests/approvals) with samples",
"HR-to-IT offboarding and transfer process records with timing evidence",
"Account review/recertification reports (periodic) and remediation tracking",
"Inactive/dormant account detection criteria and disablement evidence",
"Privileged account management process and inventory (admin roles, break-glass, service accounts)",
"Service account governance (ownership, purpose, credential rotation, usage restrictions)",
"Account creation/modification/disablement audit logs and SIEM alerts (samples)",
"Access control configuration evidence from IAM/IdP and key applications (screenshots/exports)",
"Exception/waiver records for account lifecycle deviations (if any)",
"Metrics or attestations demonstrating timeliness and completeness of account actions"
],
"preferred_tables": [
"identities",
"assets",
"network_components",
"data_stores"
]
},
"control_id": "AC-2",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudwatch_log_groups"
}
],
"tool_outputs": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [
{
"attachments": [
{
"attach_time": "2022-09-10 19:16:37+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0322a28bf1a8a68c5",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-0402ca2f2f3be9e94"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sdb",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 10,
"volume_id": "vol-017cf162462cc1786"
},
{
"attachments": [
{
"attach_time": "2022-08-28 20:05:24+00:00",
"delete_on_termination": true,
"device": "/dev/sda1",
"instance_id": "i-0601780d500bb51ea",
"state": "attached"
}
],
"region": "us-east-1",
"size_gb": 20,
"volume_id": "vol-05e6fd7a0bd29300e"
}
],
"total_volumes": 3,
"unencrypted_volumes_count": 3
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [
{
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"monitoring_enabled": false,
"region": "us-east-1",
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"states": {
"stopped": 2
},
"total_instances": 2
},
"iam_authentication_posture": {
"credential_report": null,
"password_policy": {
"exists": false
}
},
"iam_policy_attachments": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
},
"network_boundary": {
"counts_by_resource_type": {
"internet_gateway": 1,
"network_acl": 1,
"route_table": 1,
"security_group": 3,
"subnet": 6,
"vpc": 1
},
"sample": {
"internet_gateway": [
{
"id": "igw-0c2d9b6f737cc026e",
"region": "us-east-1",
"summary": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"nat_gateway": [],
"network_acl": [
{
"id": "acl-06660319533dddb32",
"region": "us-east-1",
"summary": {
"associations": [
{
"network_acl_association_id": "aclassoc-0c29b39b3fcdfb473",
"subnet_id": "subnet-006336d9696975386"
},
{
"network_acl_association_id": "aclassoc-0618ec8477cd3a5d2",
"subnet_id": "subnet-0b8c568bc3659b486"
},
{
"network_acl_association_id": "aclassoc-02f93f4972febca91",
"subnet_id": "subnet-0c567848e2f3285b9"
},
{
"network_acl_association_id": "aclassoc-0dcb08e13e94dc611",
"subnet_id": "subnet-05c9a438bb7c68867"
},
{
"network_acl_association_id": "aclassoc-0b2e9a777557a332d",
"subnet_id": "subnet-0b3e792cb9abb6b15"
},
{
"network_acl_association_id": "aclassoc-01cbb62a80cdc5353",
"subnet_id": "subnet-06c23e873cdba6e94"
}
],
"entries": [
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": true,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100
},
{
"cidr_block": "0.0.0.0/0",
"egress": false,
"ipv6_cidr_block": null,
"port_range": null,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 32767
}
],
"is_default": true,
"network_acl_id": "acl-06660319533dddb32",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"route_table": [
{
"id": "rtb-0e286a42d0f5851da",
"region": "us-east-1",
"summary": {
"associations": [
{
"association_id": "rtbassoc-04fbdfbd5f3d513a8",
"gateway_id": null,
"main": true,
"subnet_id": null
}
],
"route_table_id": "rtb-0e286a42d0f5851da",
"routes": [
{
"destination_cidr_block": "172.31.0.0/16",
"destination_ipv6_cidr_block": null,
"gateway_id": "local",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRouteTable",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
},
{
"destination_cidr_block": "0.0.0.0/0",
"destination_ipv6_cidr_block": null,
"gateway_id": "igw-0c2d9b6f737cc026e",
"instance_id": null,
"nat_gateway_id": null,
"origin": "CreateRoute",
"state": "active",
"transit_gateway_id": null,
"vpc_peering_connection_id": null
}
],
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [
{
"group_id": "sg-090ff45d5d6ad1cd4",
"group_name": "launch-wizard-1",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 22,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 22
}
],
"vpc_id": "vpc-033668c99bb7641b0"
},
{
"group_id": "sg-00b9a1b8acdc7534e",
"group_name": "launch-wizard-2",
"open_ingress_rules": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 3389,
"ipv6_cidr_blocks": [],
"protocol": "tcp",
"to_port": 3389
}
],
"vpc_id": "vpc-033668c99bb7641b0"
}
],
"security_groups_with_world_open_ingress_count": 2,
"total_security_groups": 3,
"world_open_ingress_rule_count": 2
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture",
"result": {
"credential_report": null,
"password_policy": {
"exists": false
}
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users",
"result": {
"active_access_keys_count": 2,
"mfa_disabled_count": 5,
"mfa_enabled_count": 0,
"sample_users": [
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"groups": [],
"mfa_enabled": false,
"password_last_used": "None",
"user_name": "AbdulHadi"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/farhan",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"user_name": "farhan"
},
{
"access_keys_count": 1,
"arn": "arn:aws:iam::154776478584:user/hamza",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"user_name": "hamza"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/salman",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"user_name": "salman"
},
{
"access_keys_count": 0,
"arn": "arn:aws:iam::154776478584:user/shevyn",
"groups": [
"AdminGroup"
],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"user_name": "shevyn"
}
],
"total_users": 5
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments",
"result": {
"roles_total": 4,
"roles_with_attached_policies_count": 4,
"roles_with_inline_policies_count": 0,
"sample_roles": [
{
"arn": "arn:aws:iam::154776478584:role/Audit",
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "Audit"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForResourceExplorer"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForSupport"
},
{
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"inline_policy_names": [],
"max_session_duration": 3600,
"role_name": "AWSServiceRoleForTrustedAdvisor"
}
],
"sample_users": [
{
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"groups": [],
"inline_policy_names": [],
"user_name": "AbdulHadi"
},
{
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "farhan"
},
{
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "hamza"
},
{
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "salman"
},
{
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"user_name": "shevyn"
}
],
"top_attached_policies": [
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"
},
{
"count": 4,
"policy_arn": "arn:aws:iam::aws:policy/IAMUserChangePassword"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/SecurityAudit"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
},
{
"count": 1,
"policy_arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
}
],
"top_inline_policy_names": [],
"users_total": 5,
"users_with_attached_policies_count": 4,
"users_with_inline_policies_count": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4GJGPP5SM",
"create_date": "2026-02-08 19:33:09+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/AbdulHadi",
"attached_policies": [],
"create_date": "2026-02-08T19:30:25Z",
"groups": [],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": null,
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4CYQMP6UHX",
"user_name": "AbdulHadi"
},
"id": "6d519866-c220-41b0-83c6-d5e14834b931",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/AbdulHadi",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/farhan",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2025-12-10T19:58:27Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2025-12-11T17:46:35Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4FFOJTKWPM",
"user_name": "farhan"
},
"id": "3dd3242c-3245-4bec-88d1-c0f44d4ae9d8",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/farhan",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [
{
"access_key_id": "AKIASICLFUN4N52MO3HS",
"create_date": "2026-02-08 19:38:08+00:00",
"status": "Active"
}
],
"arn": "arn:aws:iam::154776478584:user/hamza",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:33:09Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-03-04T23:03:00Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4O7C7EIDXC",
"user_name": "hamza"
},
"id": "25f6c6c3-3adf-44a0-9a63-32fa54914046",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/hamza",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/salman",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword"
],
"create_date": "2026-02-06T16:45:47Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T23:13:07Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4P6MJ4IIOH",
"user_name": "salman"
},
"id": "c4fb4290-7566-4858-96c8-674fbbddd870",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/salman",
"resource_type": "iam_user"
},
{
"account_id": "154776478584",
"data": {
"access_keys": [],
"arn": "arn:aws:iam::154776478584:user/shevyn",
"attached_policies": [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMUserChangePassword",
"arn:aws:iam::aws:policy/AWSBillingConductorFullAccess"
],
"create_date": "2025-12-10T19:52:34Z",
"groups": [
"AdminGroup"
],
"inline_policy_names": [],
"mfa_enabled": false,
"password_last_used": "2026-02-06T14:39:51Z",
"path": "/",
"tags": {},
"user_id": "AIDASICLFUN4A2TYI27PZ",
"user_name": "shevyn"
},
"id": "ed2c9f51-1d08-4337-843d-c26b05eb69b6",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:user/shevyn",
"resource_type": "iam_user"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records",
"result": [
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/Audit",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Condition": {},
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::154776478584:root"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/SecurityAudit"
],
"create_date": "2026-02-08T19:54:17Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/",
"role_id": "AROASICLFUN4FUDVXOMSL",
"role_name": "Audit",
"tags": {}
},
"id": "118a79b9-79bc-4df5-b14d-e0691f95f2e9",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/Audit",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "resource-explorer-2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy"
],
"create_date": "2025-12-10T19:51:04Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/resource-explorer-2.amazonaws.com/",
"role_id": "AROASICLFUN4PYLZZXHFN",
"role_name": "AWSServiceRoleForResourceExplorer",
"tags": {}
},
"id": "e2e15aae-75f2-494d-9816-af1419651a0b",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "support.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/support.amazonaws.com/",
"role_id": "AROASICLFUN4F7UFKDGUO",
"role_name": "AWSServiceRoleForSupport",
"tags": {}
},
"id": "21d1632d-519e-4c93-9908-a5ef8c8577a7",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
"resource_type": "iam_role"
},
{
"account_id": "154776478584",
"data": {
"arn": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"assume_role_policy_document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "trustedadvisor.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"attached_policies": [
"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy"
],
"create_date": "2022-08-26T01:30:14Z",
"inline_policy_names": [],
"max_session_duration": 3600,
"path": "/aws-service-role/trustedadvisor.amazonaws.com/",
"role_id": "AROASICLFUN4G7GX24OOQ",
"role_name": "AWSServiceRoleForTrustedAdvisor",
"tags": {}
},
"id": "5bcaa273-b7c8-4b97-a1ca-dc7cb453b956",
"region": "global",
"resource_id": "arn:aws:iam::154776478584:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor",
"resource_type": "iam_role"
}
]
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records",
"result": []
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture",
"result": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
}
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudwatch_log_groups",
"result": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
}
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_default_evidence_snapshot"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_authentication_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_users"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_iam_policy_attachments"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_user",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_role",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91",
"limit": 50,
"resource_type": "iam_group",
"table": "identities"
},
"name": "aws_list_records"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudtrail_posture"
},
{
"args": {
"account_id": "154776478584",
"ingestion_run_id": "6e066971-b587-4844-a459-c7203e772d91"
},
"name": "aws_summarize_cloudwatch_log_groups"
}
]
}
}