Mod: aws-iam

The aws-iam mod consists of 22 resource types, 332 policies, 130 controls and 68 actions.

Recommended Version

Resource Types

• AWS > IAM
• AWS > IAM > Access Analyzer
• AWS > IAM > Access Key
• AWS > IAM > Account Password Policy
• AWS > IAM > Account Summary
• AWS > IAM > Credential Report
• AWS > IAM > Group
• AWS > IAM > Group > Group Policy Attachments
• AWS > IAM > Group > Inline Policy
• AWS > IAM > Instance Profile
• AWS > IAM > MFA Virtual
• AWS > IAM > OpenID Connect
• AWS > IAM > Policy
• AWS > IAM > Role
• AWS > IAM > Role > Inline Policy
• AWS > IAM > Role > Role Policy Attachments
• AWS > IAM > Root
• AWS > IAM > Server Certificate
• AWS > IAM > User
• AWS > IAM > User > Group Memberships
• AWS > IAM > User > Inline Policy
• AWS > IAM > User > User Policy Attachments

Controls

• AWS > IAM > Access Analyzer > Active
• AWS > IAM > Access Analyzer > Approved
• AWS > IAM > Access Analyzer > CMDB
• AWS > IAM > Access Analyzer > Configured
• AWS > IAM > Access Analyzer > Discovery
• AWS > IAM > Access Analyzer > Tags
• AWS > IAM > Access Key > Active
• AWS > IAM > Access Key > CMDB
• AWS > IAM > Access Key > Configured
• AWS > IAM > Access Key > Discovery
• AWS > IAM > Access Key > Usage
• AWS > IAM > Account Password Policy > CMDB
• AWS > IAM > Account Password Policy > Configured
• AWS > IAM > Account Password Policy > Discovery
• AWS > IAM > Account Password Policy > Settings
• AWS > IAM > Account Summary > CMDB
• AWS > IAM > Account Summary > Discovery
• AWS > IAM > Credential Report > CMDB
• AWS > IAM > Credential Report > Discovery
• AWS > IAM > Group > Active
• AWS > IAM > Group > Approved
• AWS > IAM > Group > CMDB
• AWS > IAM > Group > Configured
• AWS > IAM > Group > Discovery
• AWS > IAM > Group > Group Policy Attachments > Active
• AWS > IAM > Group > Group Policy Attachments > CMDB
• AWS > IAM > Group > Group Policy Attachments > Configured
• AWS > IAM > Group > Group Policy Attachments > Discovery
• AWS > IAM > Group > Inline Policy > Approved
• AWS > IAM > Group > Inline Policy > CMDB
• AWS > IAM > Group > Inline Policy > Discovery
• AWS > IAM > Group > Inline Policy > Statements
• AWS > IAM > Group > Inline Policy > Statements > Approved
• AWS > IAM > Group > Policy Attachments
• AWS > IAM > Group > Policy Attachments > Approved
• AWS > IAM > Group > Policy Attachments > Required
• AWS > IAM > Group > Usage
• AWS > IAM > Instance Profile > CMDB
• AWS > IAM > Instance Profile > Configured
• AWS > IAM > Instance Profile > Discovery
• AWS > IAM > MFA Virtual > Active
• AWS > IAM > MFA Virtual > CMDB
• AWS > IAM > MFA Virtual > Discovery
• AWS > IAM > OpenID Connect > Active
• AWS > IAM > OpenID Connect > Approved
• AWS > IAM > OpenID Connect > CMDB
• AWS > IAM > OpenID Connect > Configured
• AWS > IAM > OpenID Connect > Discovery
• AWS > IAM > OpenID Connect > Tags
• AWS > IAM > OpenID Connect > Usage
• AWS > IAM > Policy > Active
• AWS > IAM > Policy > Approved
• AWS > IAM > Policy > CMDB
• AWS > IAM > Policy > Configured
• AWS > IAM > Policy > Discovery
• AWS > IAM > Policy > Statements
• AWS > IAM > Policy > Statements > Approved
• AWS > IAM > Role > Active
• AWS > IAM > Role > Approved
• AWS > IAM > Role > Boundary
• AWS > IAM > Role > CMDB
• AWS > IAM > Role > Configured
• AWS > IAM > Role > Discovery
• AWS > IAM > Role > Inline Policy > Approved
• AWS > IAM > Role > Inline Policy > CMDB
• AWS > IAM > Role > Inline Policy > Configured
• AWS > IAM > Role > Inline Policy > Discovery
• AWS > IAM > Role > Inline Policy > Statements
• AWS > IAM > Role > Inline Policy > Statements > Approved
• AWS > IAM > Role > Policy
• AWS > IAM > Role > Policy > Trusted Access
• AWS > IAM > Role > Policy Attachments
• AWS > IAM > Role > Policy Attachments > Approved
• AWS > IAM > Role > Policy Attachments > Required
• AWS > IAM > Role > Role Policy Attachments > Active
• AWS > IAM > Role > Role Policy Attachments > CMDB
• AWS > IAM > Role > Role Policy Attachments > Configured
• AWS > IAM > Role > Role Policy Attachments > Discovery
• AWS > IAM > Role > Tags
• AWS > IAM > Role > Trust Relationship Statements
• AWS > IAM > Role > Trust Relationship Statements > Approved
• AWS > IAM > Role > Usage
• AWS > IAM > Root > Approved
• AWS > IAM > Root > CMDB
• AWS > IAM > Root > Configured
• AWS > IAM > Root > Discovery
• AWS > IAM > Server Certificate > Active
• AWS > IAM > Server Certificate > Approved
• AWS > IAM > Server Certificate > CMDB
• AWS > IAM > Server Certificate > Discovery
• AWS > IAM > Server Certificate > Tags
• AWS > IAM > Server Certificate > Usage
• AWS > IAM > Stack
• AWS > IAM > Stack [Native]
• AWS > IAM > User > Active
• AWS > IAM > User > Approved
• AWS > IAM > User > Boundary
• AWS > IAM > User > CMDB
• AWS > IAM > User > Configured
• AWS > IAM > User > Discovery
• AWS > IAM > User > Group Memberships > CMDB
• AWS > IAM > User > Group Memberships > Configured
• AWS > IAM > User > Group Memberships > Discovery
• AWS > IAM > User > Inline Policy > Approved
• AWS > IAM > User > Inline Policy > CMDB
• AWS > IAM > User > Inline Policy > Discovery
• AWS > IAM > User > Inline Policy > Statements
• AWS > IAM > User > Inline Policy > Statements > Approved
• AWS > IAM > User > Login Profile
• AWS > IAM > User > Policy Attachments
• AWS > IAM > User > Policy Attachments > Approved
• AWS > IAM > User > Policy Attachments > Required
• AWS > IAM > User > Tags
• AWS > IAM > User > Turbot Access Key
• AWS > IAM > User > Turbot Access Key > Rotation
• AWS > IAM > User > Usage
• AWS > IAM > User > User Policy Attachments > Active
• AWS > IAM > User > User Policy Attachments > CMDB
• AWS > IAM > User > User Policy Attachments > Configured
• AWS > IAM > User > User Policy Attachments > Discovery
• AWS > Turbot > IAM
• AWS > Turbot > IAM > Group
• AWS > Turbot > IAM > Group > Managed
• AWS > Turbot > IAM > Managed
• AWS > Turbot > IAM > Policy
• AWS > Turbot > IAM > Policy > Managed
• AWS > Turbot > IAM > Role
• AWS > Turbot > IAM > Role > Managed
• AWS > Turbot > IAM > User
• AWS > Turbot > IAM > User > Managed

IAM Roles

• AWS/IAM/Metadata
• AWS/IAM/Operator
• AWS/IAM/Owner

Quick Actions

• AWS > Account > Provision Managed Resources
• AWS > IAM > Access Analyzer > Delete
• AWS > IAM > Access Analyzer > Delete from AWS
• AWS > IAM > Access Analyzer > Router
• AWS > IAM > Access Analyzer > Set Tags
• AWS > IAM > Access Analyzer > Skip alarm for Active control
• AWS > IAM > Access Analyzer > Skip alarm for Active control [90 days]
• AWS > IAM > Access Analyzer > Skip alarm for Approved control
• AWS > IAM > Access Analyzer > Skip alarm for Approved control [90 days]
• AWS > IAM > Access Analyzer > Skip alarm for Tags control
• AWS > IAM > Access Analyzer > Skip alarm for Tags control [90 days]
• AWS > IAM > Access Analyzer > Update Tags
• AWS > IAM > Access Key > Deactivate
• AWS > IAM > Access Key > Delete
• AWS > IAM > Access Key > Delete from AWS
• AWS > IAM > Access Key > Router
• AWS > IAM > Access Key > Skip alarm for Active control
• AWS > IAM > Access Key > Skip alarm for Active control [90 days]
• AWS > IAM > Account Password Policy > Router
• AWS > IAM > Account Password Policy > Set Password Policy
• AWS > IAM > Group > Attach Group Policies
• AWS > IAM > Group > Delete
• AWS > IAM > Group > Delete from AWS
• AWS > IAM > Group > Detach and delete
• AWS > IAM > Group > Detach Policies
• AWS > IAM > Group > Group Policy Attachments > Delete
• AWS > IAM > Group > Group Policy Attachments > Router
• AWS > IAM > Group > IAM Group Managed
• AWS > IAM > Group > Inline Policy > Delete
• AWS > IAM > Group > Inline Policy > Delete from AWS
• AWS > IAM > Group > Inline Policy > Router
• AWS > IAM > Group > Inline Policy > Skip alarm for Approved control
• AWS > IAM > Group > Inline Policy > Skip alarm for Approved control [90 days]
• AWS > IAM > Group > Inline Policy > Update Group Inline Policy
• AWS > IAM > Group > Router
• AWS > IAM > Group > Skip alarm for Active control
• AWS > IAM > Group > Skip alarm for Active control [90 days]
• AWS > IAM > Group > Skip alarm for Approved control
• AWS > IAM > Group > Skip alarm for Approved control [90 days]
• AWS > IAM > Instance Profile > Router
• AWS > IAM > MFA Virtual > Delete
• AWS > IAM > MFA Virtual > Router
• AWS > IAM > OpenID Connect > Delete
• AWS > IAM > OpenID Connect > Delete from AWS
• AWS > IAM > OpenID Connect > Router
• AWS > IAM > OpenID Connect > Set Tags
• AWS > IAM > OpenID Connect > Skip alarm for Active control
• AWS > IAM > OpenID Connect > Skip alarm for Active control [90 days]
• AWS > IAM > OpenID Connect > Skip alarm for Approved control
• AWS > IAM > OpenID Connect > Skip alarm for Approved control [90 days]
• AWS > IAM > OpenID Connect > Skip alarm for Tags control
• AWS > IAM > OpenID Connect > Skip alarm for Tags control [90 days]
• AWS > IAM > OpenID Connect > Update Tags
• AWS > IAM > Policy > Create Version
• AWS > IAM > Policy > Delete
• AWS > IAM > Policy > Delete from AWS
• AWS > IAM > Policy > Detach and delete
• AWS > IAM > Policy > Router
• AWS > IAM > Policy > Skip alarm for Active control
• AWS > IAM > Policy > Skip alarm for Active control [90 days]
• AWS > IAM > Policy > Skip alarm for Approved control
• AWS > IAM > Policy > Skip alarm for Approved control [90 days]
• AWS > IAM > Role > Attach Inline Policy
• AWS > IAM > Role > Attach Policies
• AWS > IAM > Role > Attach Quarantine policy
• AWS > IAM > Role > Attach Quarantine policy
• AWS > IAM > Role > Delete
• AWS > IAM > Role > Delete from AWS
• AWS > IAM > Role > Detach Policies
• AWS > IAM > Role > Detach Quarantine policy
• AWS > IAM > Role > Detach Quarantine policy
• AWS > IAM > Role > IAM Role Managed
• AWS > IAM > Role > Inline Policy > Delete
• AWS > IAM > Role > Inline Policy > Delete from AWS
• AWS > IAM > Role > Inline Policy > Router
• AWS > IAM > Role > Inline Policy > Skip alarm for Approved control
• AWS > IAM > Role > Inline Policy > Skip alarm for Approved control [90 days]
• AWS > IAM > Role > Inline Policy > Update Role Inline Policy
• AWS > IAM > Role > Role Policy Attachments > Delete
• AWS > IAM > Role > Role Policy Attachments > Router
• AWS > IAM > Role > Router
• AWS > IAM > Role > Set Boundary Policy
• AWS > IAM > Role > Set Policy Trusted Access
• AWS > IAM > Role > Set Tags
• AWS > IAM > Role > Skip alarm for Active control
• AWS > IAM > Role > Skip alarm for Active control [90 days]
• AWS > IAM > Role > Skip alarm for Approved control
• AWS > IAM > Role > Skip alarm for Approved control [90 days]
• AWS > IAM > Role > Skip alarm for Tags control
• AWS > IAM > Role > Skip alarm for Tags control [90 days]
• AWS > IAM > Role > Update Tags
• AWS > IAM > Role > Update Trust Policy
• AWS > IAM > Root > Skip alarm for Approved control
• AWS > IAM > Root > Skip alarm for Approved control [90 days]
• AWS > IAM > Server Certificate > Delete
• AWS > IAM > Server Certificate > Delete from AWS
• AWS > IAM > Server Certificate > Router
• AWS > IAM > Server Certificate > Set Tags
• AWS > IAM > Server Certificate > Skip alarm for Active control
• AWS > IAM > Server Certificate > Skip alarm for Active control [90 days]
• AWS > IAM > Server Certificate > Skip alarm for Approved control
• AWS > IAM > Server Certificate > Skip alarm for Approved control [90 days]
• AWS > IAM > Server Certificate > Skip alarm for Tags control
• AWS > IAM > Server Certificate > Skip alarm for Tags control [90 days]
• AWS > IAM > Server Certificate > Update Tags
• AWS > IAM > User > Attach User Policies
• AWS > IAM > User > Create or Rotate Turbot Access Key
• AWS > IAM > User > Delete
• AWS > IAM > User > Delete from AWS
• AWS > IAM > User > Delete Login Profile
• AWS > IAM > User > Detach Policies
• AWS > IAM > User > IAM User Managed
• AWS > IAM > User > Inline Policy > Delete
• AWS > IAM > User > Inline Policy > Delete from AWS
• AWS > IAM > User > Inline Policy > Router
• AWS > IAM > User > Inline Policy > Skip alarm for Approved control
• AWS > IAM > User > Inline Policy > Skip alarm for Approved control [90 days]
• AWS > IAM > User > Inline Policy > Update User Inline Policy
• AWS > IAM > User > Router
• AWS > IAM > User > Set Boundary Policy
• AWS > IAM > User > Set Tags
• AWS > IAM > User > Skip alarm for Active control
• AWS > IAM > User > Skip alarm for Active control [90 days]
• AWS > IAM > User > Skip alarm for Approved control
• AWS > IAM > User > Skip alarm for Approved control [90 days]
• AWS > IAM > User > Skip alarm for Tags control
• AWS > IAM > User > Skip alarm for Tags control [90 days]
• AWS > IAM > User > Update Tags
• AWS > IAM > User > User Policy Attachments > Router

Policies

• AWS > Account > Permissions
• AWS > Account > Permissions > Default Region
• AWS > Account > Permissions > Lockdown
• AWS > Account > Permissions > Lockdown > Budget
• AWS > Account > Permissions > Lockdown > Budget > Restricted APIs
• AWS > Account > Permissions > Support Level
• AWS > IAM > Access Analyzer > Active
• AWS > IAM > Access Analyzer > Active > Age
• AWS > IAM > Access Analyzer > Active > Last Modified
• AWS > IAM > Access Analyzer > Approved
• AWS > IAM > Access Analyzer > Approved > Custom
• AWS > IAM > Access Analyzer > Approved > Regions
• AWS > IAM > Access Analyzer > Approved > Usage
• AWS > IAM > Access Analyzer > CMDB
• AWS > IAM > Access Analyzer > Configured
• AWS > IAM > Access Analyzer > Configured > Claim Precedence
• AWS > IAM > Access Analyzer > Configured > Source
• AWS > IAM > Access Analyzer > Regions
• AWS > IAM > Access Analyzer > Tags
• AWS > IAM > Access Analyzer > Tags > Template
• AWS > IAM > Access Key > Active
• AWS > IAM > Access Key > Active > Age
• AWS > IAM > Access Key > Active > Last Modified
• AWS > IAM > Access Key > Active > Latest
• AWS > IAM > Access Key > Active > Recently Used
• AWS > IAM > Access Key > Active > Status
• AWS > IAM > Access Key > CMDB
• AWS > IAM > Access Key > Configured
• AWS > IAM > Access Key > Configured > Claim Precedence
• AWS > IAM > Access Key > Configured > Source
• AWS > IAM > Access Key > Usage
• AWS > IAM > Access Key > Usage > Limit
• AWS > IAM > Account Password Policy > CMDB
• AWS > IAM > Account Password Policy > Configured
• AWS > IAM > Account Password Policy > Configured > Claim Precedence
• AWS > IAM > Account Password Policy > Configured > Source
• AWS > IAM > Account Password Policy > Settings
• AWS > IAM > Account Password Policy > Settings > Allow Users to Change
• AWS > IAM > Account Password Policy > Settings > Hard Expiry
• AWS > IAM > Account Password Policy > Settings > Max Age
• AWS > IAM > Account Password Policy > Settings > Minimum Length
• AWS > IAM > Account Password Policy > Settings > Require Lowercase Characters
• AWS > IAM > Account Password Policy > Settings > Require Numbers
• AWS > IAM > Account Password Policy > Settings > Require Symbols
• AWS > IAM > Account Password Policy > Settings > Require Uppercase Characters
• AWS > IAM > Account Password Policy > Settings > Reuse Prevention
• AWS > IAM > Account Summary > CMDB
• AWS > IAM > API Enabled
• AWS > IAM > Credential Report > CMDB
• AWS > IAM > Enabled
• AWS > IAM > Group > Active
• AWS > IAM > Group > Active > Age
• AWS > IAM > Group > Active > Budget
• AWS > IAM > Group > Active > Last Modified
• AWS > IAM > Group > Approved
• AWS > IAM > Group > Approved > Budget
• AWS > IAM > Group > Approved > Custom
• AWS > IAM > Group > Approved > Turbot
• AWS > IAM > Group > Approved > Usage
• AWS > IAM > Group > CMDB
• AWS > IAM > Group > Configured
• AWS > IAM > Group > Configured > Claim Precedence
• AWS > IAM > Group > Configured > Source
• AWS > IAM > Group > Group Policy Attachments > Active
• AWS > IAM > Group > Group Policy Attachments > Active > Last Modified
• AWS > IAM > Group > Group Policy Attachments > CMDB
• AWS > IAM > Group > Group Policy Attachments > Configured
• AWS > IAM > Group > Group Policy Attachments > Configured > Claim Precedence
• AWS > IAM > Group > Group Policy Attachments > Configured > Source
• AWS > IAM > Group > Inline Policy > Approved
• AWS > IAM > Group > Inline Policy > Approved > Custom
• AWS > IAM > Group > Inline Policy > Approved > Usage
• AWS > IAM > Group > Inline Policy > CMDB
• AWS > IAM > Group > Inline Policy > Statements
• AWS > IAM > Group > Inline Policy > Statements > Approved
• AWS > IAM > Group > Inline Policy > Statements > Approved > Administrator Access
• AWS > IAM > Group > Inline Policy > Statements > Approved > Compiled Rules
• AWS > IAM > Group > Inline Policy > Statements > Approved > Rules
• AWS > IAM > Group > Policy Attachments
• AWS > IAM > Group > Policy Attachments > Approved
• AWS > IAM > Group > Policy Attachments > Approved > Compiled Rules
• AWS > IAM > Group > Policy Attachments > Approved > Rules
• AWS > IAM > Group > Policy Attachments > Required
• AWS > IAM > Group > Policy Attachments > Required > Compiled Items
• AWS > IAM > Group > Policy Attachments > Required > Items
• AWS > IAM > Group > Usage
• AWS > IAM > Group > Usage > Limit
• AWS > IAM > Instance Profile > CMDB
• AWS > IAM > Instance Profile > Configured
• AWS > IAM > Instance Profile > Configured > Claim Precedence
• AWS > IAM > Instance Profile > Configured > Source
• AWS > IAM > Login User Names
• AWS > IAM > MFA Virtual > Active
• AWS > IAM > MFA Virtual > Active > Age
• AWS > IAM > MFA Virtual > Active > Last Modified
• AWS > IAM > MFA Virtual > CMDB
• AWS > IAM > OpenID Connect > Active
• AWS > IAM > OpenID Connect > Active > Age
• AWS > IAM > OpenID Connect > Active > Last Modified
• AWS > IAM > OpenID Connect > Approved
• AWS > IAM > OpenID Connect > Approved > Custom
• AWS > IAM > OpenID Connect > Approved > Usage
• AWS > IAM > OpenID Connect > CMDB
• AWS > IAM > OpenID Connect > Configured
• AWS > IAM > OpenID Connect > Configured > Claim Precedence
• AWS > IAM > OpenID Connect > Configured > Source
• AWS > IAM > OpenID Connect > Tags
• AWS > IAM > OpenID Connect > Tags > Template
• AWS > IAM > OpenID Connect > Usage
• AWS > IAM > OpenID Connect > Usage > Limit
• AWS > IAM > Permissions
• AWS > IAM > Permissions > Levels
• AWS > IAM > Permissions > Levels > Modifiers
• AWS > IAM > Permissions > Levels > Service User Access Key Administration
• AWS > IAM > Permissions > Levels > Service User Administration
• AWS > IAM > Permissions > Levels > Service User Password Administration
• AWS > IAM > Permissions > Lockdown
• AWS > IAM > Permissions > Lockdown > API Boundary
• AWS > IAM > Policy > Active
• AWS > IAM > Policy > Active > Age
• AWS > IAM > Policy > Active > Last Modified
• AWS > IAM > Policy > Approved
• AWS > IAM > Policy > Approved > Custom
• AWS > IAM > Policy > Approved > Turbot
• AWS > IAM > Policy > Approved > Usage
• AWS > IAM > Policy > CMDB
• AWS > IAM > Policy > Configured
• AWS > IAM > Policy > Configured > Claim Precedence
• AWS > IAM > Policy > Configured > Source
• AWS > IAM > Policy > Statements
• AWS > IAM > Policy > Statements > Approved
• AWS > IAM > Policy > Statements > Approved > Administrator Access
• AWS > IAM > Policy > Statements > Approved > Compiled Rules
• AWS > IAM > Policy > Statements > Approved > Rules
• AWS > IAM > Policy > Statements > Approved > Turbot
• AWS > IAM > Role > Active
• AWS > IAM > Role > Active > Age
• AWS > IAM > Role > Active > Last Modified
• AWS > IAM > Role > Active > Quarantine Policy Name
• AWS > IAM > Role > Active > Recently Used
• AWS > IAM > Role > Approved
• AWS > IAM > Role > Approved > Custom
• AWS > IAM > Role > Approved > Quarantine Policy Name
• AWS > IAM > Role > Approved > Turbot
• AWS > IAM > Role > Approved > Usage
• AWS > IAM > Role > Boundary
• AWS > IAM > Role > Boundary > Policy
• AWS > IAM > Role > CMDB
• AWS > IAM > Role > Configured
• AWS > IAM > Role > Configured > Claim Precedence
• AWS > IAM > Role > Configured > Source
• AWS > IAM > Role > Inline Policy > Approved
• AWS > IAM > Role > Inline Policy > Approved > Custom
• AWS > IAM > Role > Inline Policy > Approved > Usage
• AWS > IAM > Role > Inline Policy > CMDB
• AWS > IAM > Role > Inline Policy > Configured
• AWS > IAM > Role > Inline Policy > Configured > Claim Precedence
• AWS > IAM > Role > Inline Policy > Configured > Source
• AWS > IAM > Role > Inline Policy > Statements
• AWS > IAM > Role > Inline Policy > Statements > Approved
• AWS > IAM > Role > Inline Policy > Statements > Approved > Administrator Access
• AWS > IAM > Role > Inline Policy > Statements > Approved > Compiled Rules
• AWS > IAM > Role > Inline Policy > Statements > Approved > Rules
• AWS > IAM > Role > Policy
• AWS > IAM > Role > Policy > Trusted Access
• AWS > IAM > Role > Policy > Trusted Access > Accounts
• AWS > IAM > Role > Policy > Trusted Access > Identity Providers
• AWS > IAM > Role > Policy > Trusted Access > Organization Restrictions
• AWS > IAM > Role > Policy > Trusted Access > Services
• AWS > IAM > Role > Policy Attachments
• AWS > IAM > Role > Policy Attachments > Approved
• AWS > IAM > Role > Policy Attachments > Approved > Compiled Rules
• AWS > IAM > Role > Policy Attachments > Approved > Rules
• AWS > IAM > Role > Policy Attachments > Required
• AWS > IAM > Role > Policy Attachments > Required > Compiled Items
• AWS > IAM > Role > Policy Attachments > Required > Items
• AWS > IAM > Role > Policy Attachments > Required > Turbot Lockdown
• AWS > IAM > Role > Role Policy Attachments > Active
• AWS > IAM > Role > Role Policy Attachments > Active > Last Modified
• AWS > IAM > Role > Role Policy Attachments > CMDB
• AWS > IAM > Role > Role Policy Attachments > Configured
• AWS > IAM > Role > Role Policy Attachments > Configured > Claim Precedence
• AWS > IAM > Role > Role Policy Attachments > Configured > Source
• AWS > IAM > Role > Tags
• AWS > IAM > Role > Tags > Template
• AWS > IAM > Role > Trust Relationship Statements
• AWS > IAM > Role > Trust Relationship Statements > Approved
• AWS > IAM > Role > Trust Relationship Statements > Approved > Compiled Rules
• AWS > IAM > Role > Trust Relationship Statements > Approved > Rules
• AWS > IAM > Role > Trust Relationship Statements > Approved > Trusted Accounts [Deprecated]
• AWS > IAM > Role > Trust Relationship Statements > Approved > Trusted Identity Providers [Deprecated]
• AWS > IAM > Role > Trust Relationship Statements > Approved > Trusted Services [Deprecated]
• AWS > IAM > Role > Usage
• AWS > IAM > Role > Usage > Limit
• AWS > IAM > Root > Approved
• AWS > IAM > Root > Approved > Custom
• AWS > IAM > Root > Approved > Usage
• AWS > IAM > Root > CMDB
• AWS > IAM > Root > Configured
• AWS > IAM > Root > Configured > Claim Precedence
• AWS > IAM > Root > Configured > Source
• AWS > IAM > Server Certificate > Active
• AWS > IAM > Server Certificate > Active > Age
• AWS > IAM > Server Certificate > Active > Expired
• AWS > IAM > Server Certificate > Active > Last Modified
• AWS > IAM > Server Certificate > Approved
• AWS > IAM > Server Certificate > Approved > Custom
• AWS > IAM > Server Certificate > Approved > Usage
• AWS > IAM > Server Certificate > CMDB
• AWS > IAM > Server Certificate > Tags
• AWS > IAM > Server Certificate > Tags > Template
• AWS > IAM > Server Certificate > Usage
• AWS > IAM > Server Certificate > Usage > Limit
• AWS > IAM > Stack
• AWS > IAM > Stack [Native]
• AWS > IAM > Stack [Native] > Drift Detection
• AWS > IAM > Stack [Native] > Drift Detection > Interval
• AWS > IAM > Stack [Native] > Modifier
• AWS > IAM > Stack [Native] > Secret Variables
• AWS > IAM > Stack [Native] > Source
• AWS > IAM > Stack [Native] > Timeout
• AWS > IAM > Stack [Native] > Variables
• AWS > IAM > Stack [Native] > Version
• AWS > IAM > Stack > Secret Variables
• AWS > IAM > Stack > Source
• AWS > IAM > Stack > Terraform Version
• AWS > IAM > Stack > Variables
• AWS > IAM > Tags Template [Default]
• AWS > IAM > Trusted Accounts [Default]
• AWS > IAM > Trusted Identity Providers [Default]
• AWS > IAM > Trusted Organizations [Default]
• AWS > IAM > Trusted Services [Default]
• AWS > IAM > User > Active
• AWS > IAM > User > Active > Age
• AWS > IAM > User > Active > Last Modified
• AWS > IAM > User > Active > Recently Used
• AWS > IAM > User > Approved
• AWS > IAM > User > Approved > Custom
• AWS > IAM > User > Approved > Turbot
• AWS > IAM > User > Approved > Usage
• AWS > IAM > User > Boundary
• AWS > IAM > User > Boundary > Policy
• AWS > IAM > User > CMDB
• AWS > IAM > User > Configured
• AWS > IAM > User > Configured > Claim Precedence
• AWS > IAM > User > Configured > Source
• AWS > IAM > User > Group Memberships > CMDB
• AWS > IAM > User > Group Memberships > Configured
• AWS > IAM > User > Group Memberships > Configured > Claim Precedence
• AWS > IAM > User > Group Memberships > Configured > Source
• AWS > IAM > User > Inline Policy > Approved
• AWS > IAM > User > Inline Policy > Approved > Custom
• AWS > IAM > User > Inline Policy > Approved > Usage
• AWS > IAM > User > Inline Policy > CMDB
• AWS > IAM > User > Inline Policy > Statements
• AWS > IAM > User > Inline Policy > Statements > Approved
• AWS > IAM > User > Inline Policy > Statements > Approved > Administrator Access
• AWS > IAM > User > Inline Policy > Statements > Approved > Compiled Rules
• AWS > IAM > User > Inline Policy > Statements > Approved > Rules
• AWS > IAM > User > Login Profile
• AWS > IAM > User > Policy Attachments
• AWS > IAM > User > Policy Attachments > Approved
• AWS > IAM > User > Policy Attachments > Approved > Compiled Rules
• AWS > IAM > User > Policy Attachments > Approved > Rules
• AWS > IAM > User > Policy Attachments > Required
• AWS > IAM > User > Policy Attachments > Required > Compiled Items
• AWS > IAM > User > Policy Attachments > Required > Items
• AWS > IAM > User > Policy Attachments > Required > Turbot Lockdown
• AWS > IAM > User > Tags
• AWS > IAM > User > Tags > Template
• AWS > IAM > User > Turbot Access Key
• AWS > IAM > User > Turbot Access Key > Rotation
• AWS > IAM > User > Turbot Secret Access Key
• AWS > IAM > User > Usage
• AWS > IAM > User > Usage > Limit
• AWS > IAM > User > User Policy Attachments > Active
• AWS > IAM > User > User Policy Attachments > Active > Last Modified
• AWS > IAM > User > User Policy Attachments > CMDB
• AWS > IAM > User > User Policy Attachments > Configured
• AWS > IAM > User > User Policy Attachments > Configured > Claim Precedence
• AWS > IAM > User > User Policy Attachments > Configured > Source
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-iam
• AWS > Turbot > IAM
• AWS > Turbot > IAM > Managed
• AWS > Turbot > Permissions
• AWS > Turbot > Permissions > Compiled
• AWS > Turbot > Permissions > Compiled > Account Permissions
• AWS > Turbot > Permissions > Compiled > Allow Statements
• AWS > Turbot > Permissions > Compiled > API Boundary
• AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-iam
• AWS > Turbot > Permissions > Compiled > Levels
• AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-iam
• AWS > Turbot > Permissions > Compiled > Lockdown Statements
• AWS > Turbot > Permissions > Compiled > Lockdown Statements > @turbot/aws-iam
• AWS > Turbot > Permissions > Compiled > Service Permissions
• AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-iam
• AWS > Turbot > Permissions > Custom Group Levels [Account]
• AWS > Turbot > Permissions > Custom Role Levels [Account]
• AWS > Turbot > Permissions > Custom Role Levels [Folder]
• AWS > Turbot > Permissions > Group
• AWS > Turbot > Permissions > Group > Name Path
• AWS > Turbot > Permissions > Group > Name Prefix
• AWS > Turbot > Permissions > Levels
• AWS > Turbot > Permissions > Levels [Default]
• AWS > Turbot > Permissions > Levels > Modifiers
• AWS > Turbot > Permissions > Lockdown
• AWS > Turbot > Permissions > Lockdown > API Boundary
• AWS > Turbot > Permissions > Lockdown > Region Boundary
• AWS > Turbot > Permissions > Lockdown > Regions
• AWS > Turbot > Permissions > Name Path [Default]
• AWS > Turbot > Permissions > Name Prefix [Default]
• AWS > Turbot > Permissions > Policy
• AWS > Turbot > Permissions > Policy > Name Path
• AWS > Turbot > Permissions > Policy > Name Prefix
• AWS > Turbot > Permissions > Role
• AWS > Turbot > Permissions > Role > Name Path
• AWS > Turbot > Permissions > Role > Name Prefix
• AWS > Turbot > Permissions > Role > Session Timeout
• AWS > Turbot > Permissions > Role > Tags
• AWS > Turbot > Permissions > Source
• AWS > Turbot > Permissions > Superuser Boundary
• AWS > Turbot > Permissions > Tags Default
• AWS > Turbot > Permissions > Terraform Version
• AWS > Turbot > Permissions > User
• AWS > Turbot > Permissions > User > Access Keys Enabled
• AWS > Turbot > Permissions > User > Group Membership Mode
• AWS > Turbot > Permissions > User > Name Path
• AWS > Turbot > Permissions > User > Session Timeout
• AWS > Turbot > Permissions > User > Tags
• AWS > Turbot > Permissions > User Boundary
• Turbot > IAM > Permissions > Compiled > Levels > AWS
• Turbot > IAM > Permissions > Compiled > Levels > AWS [Turbot]

Policy Packs

• AWS CIS v3.0.0 - Section 1 - Identity and Access Management
• Check MFA Is Enabled for AWS IAM Root Accounts
• Deny all AWS IAM actions from Unapproved Networks
• Deploy AWS IAM Stack
• Enforce AWS IAM Access Keys Are Not Older Than 90 Days
• Enforce AWS IAM Account Password Policy Settings
• Enforce AWS IAM Policies Do Not Have Admin Privileges
• Enforce AWS IAM Roles Restrict Access
• Enforce Backups of EBS Volumes
• Enforce MFA Is Enabled for AWS IAM Users