IAM

Resources: 128
Total Findings: 235
Rules Executed: 396
Unique Rules: 37
Exception: 0
Timespent: 351.843s

Summary

rootMfaActive

Security
Description
The root user can perform sensitive operations in your account; adding an additional layer of authentication helps you better secure your account. You have NOT enabled Multi-Factor Authentication (MFA) on your root user. AWS MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
Resources
GLOBAL: User::root_id
Label
Cost Incurred (maybe)
Recommendation
AWS MFA
IAM Best Practices

unusedRole

Operation Excellence
Description
You have 109 unused roles in your account. Review whether these roles are still needed, and delete them if they are no longer necessary. By removing unused roles, you can simplify monitoring and improve your security posture.
Resources
GLOBAL: Role::AccessAnalyzerTrustedService | Role::aspnetecstaskroles | Role::AthenaCURdailyStack-AWSCURCrawlerComponentFunction-XX4CHL7H96MD | Role::AthenaCURdailyStack-AWSCURCrawlerLambdaExecutor-18PJXDZOQVUT8 | Role::AthenaCURdailyStack-AWSS3CURLambdaExecutor-91GHL63BKDPJ | Role::AthenaCURMonthlyStack-AWSCURCrawlerComponentFuncti-1AJFUSIA0NX5X | Role::AthenaCURMonthlyStack-AWSS3CURLambdaExecutor-19ZYBIKM90TK9 | Role::AVMContainersUserRole | Role::aws-ec2-spot-fleet-tagging-role | Role::aws-security-hub-automate-orchestratorRole12B410FD-1VFCRA5D658CQ | Role::aws-security-hub-automate-SNS2DeliveryStatusLoggin-1XB1ER18ZZ6IV | Role::awslogs.prod.kelex.molecule.toppatterns | Role::AWSReservedSSO_AWSPowerUserAccess_00098b9536c9ffa7 | Role::AWSReservedSSO_AWSReadOnlyAccess_4426e61ec70ce688 | Role::AWSReservedSSO_AWSServiceCatalogAdminFullAccess_c710ef77c5721888 | Role::AWSReservedSSO_AWSServiceCatalogEndUserAccess_2f1286af87fe02c6 | Role::AWSSupportPatchwork-ap-northeast-1-AutomationRole | Role::AWSSupportPatchwork-ap-northeast-2-AutomationRole | Role::AWSSupportPatchwork-ap-south-1-AutomationRole | Role::AWSSupportPatchwork-ap-southeast-2-AutomationRole | Role::AWSSupportPatchwork-ca-central-1-AutomationRole | Role::AWSSupportPatchwork-eu-central-1-AutomationRole | Role::AWSSupportPatchwork-eu-north-1-AutomationRole | Role::AWSSupportPatchwork-eu-west-1-AutomationRole | Role::AWSSupportPatchwork-eu-west-2-AutomationRole | Role::AWSSupportPatchwork-eu-west-3-AutomationRole | Role::AWSSupportPatchwork-sa-east-1-AutomationRole | Role::AWSSupportPatchwork-us-east-1-AutomationRole | Role::AWSSupportPatchwork-us-east-2-AutomationRole | Role::AWSSupportPatchwork-us-west-1-AutomationRole | Role::AWSVAPTAudit | Role::CID-CUR-Destination-CIDLambdaAnalyticsRole-4lnxU3a60sr4 | Role::CidExecRole | Role::Cloud-Intelligence-Dashbo-ProcessPathLambdaExecutio-4v29TjzrvQTv | Role::Cloud-Intelligence-Dashboar-InitLambdaExecutionRole-ZassKR4B4CY8 | 
Role::Cloud-Intelligence-Dashboards-CidCURCrawlerRole-6n5acUHm6w0r | Role::CloudSecAuditRole | Role::CloudSeerTrustedServiceRole | Role::CodeGuruProfilerForwardToAmazonProfiler | Role::CURathenaStack-AWSCURCrawlerComponentFunction-Y25X9I4YKV02 | Role::CURathenaStack-AWSCURCrawlerLambdaExecutor-WYW3Y5BXZGA | Role::CURathenaStack-AWSS3CURLambdaExecutor-YH390THQNEJX | Role::EC2CapacityReservationService | Role::ecsAutoscaleRole | Role::ecsTaskExecutionRole | Role::MarketplaceFullAccess | Role::rds-monitoring-role | Role::SaltyTrustedService | Role::SecurityHub_CSV_Exporter | Role::ShadowTrooperRole | Role::SO0111-CloudTrailToCloudWatchLogs | Role::SO0111-ConfigureS3BucketLogging | Role::SO0111-ConfigureS3BucketPublicAccessBlock | Role::SO0111-ConfigureS3PublicAccessBlock | Role::SO0111-ConfigureSNSTopicForStack | Role::SO0111-CreateAccessLoggingBucket | Role::SO0111-CreateCloudTrailMultiRegionTrail | Role::SO0111-CreateIAMSupportRole | Role::SO0111-CreateLogMetricFilterAndAlarm | Role::SO0111-DisablePublicAccessForSecurityGroup | Role::SO0111-DisablePublicAccessToRDSInstance | Role::SO0111-DisablePublicAccessToRedshiftCluster | Role::SO0111-DisablePublicIPAutoAssign | Role::SO0111-EnableAutomaticSnapshotsOnRedshiftCluster | Role::SO0111-EnableAutomaticVersionUpgradeOnRedshiftCluster | Role::SO0111-EnableAutoScalingGroupELBHealthCheck | Role::SO0111-EnableAWSConfig | Role::SO0111-EnableCloudTrailEncryption | Role::SO0111-EnableCloudTrailLogFileValidation | Role::SO0111-EnableCloudTrailToCloudWatchLogging | Role::SO0111-EnableCopyTagsToSnapshotOnRDSCluster | Role::SO0111-EnableDefaultEncryptionS3 | Role::SO0111-EnableDeliveryStatusLoggingForSNSTopic | Role::SO0111-EnableEbsEncryptionByDefault | Role::SO0111-EnableEncryptionForSNSTopic | Role::SO0111-EnableEncryptionForSQSQueue | Role::SO0111-EnableEnhancedMonitoringOnRDSInstance | Role::SO0111-EnableKeyRotation | Role::SO0111-EnableMinorVersionUpgradeOnRDSDBInstance | Role::SO0111-EnableMultiAZOnRDSInstance | 
Role::SO0111-EnableRDSClusterDeletionProtection | Role::SO0111-EnableRDSInstanceDeletionProtection | Role::SO0111-EnableRedshiftClusterAuditLogging | Role::SO0111-EnableVPCFlowLogs | Role::SO0111-EnableVPCFlowLogs-remediationRole | Role::SO0111-EncryptRDSSnapshot | Role::SO0111-MakeEBSSnapshotsPrivate | Role::SO0111-MakeRDSSnapshotPrivate | Role::SO0111-RDSMonitoring-remediationRole | Role::SO0111-RemoveLambdaPublicAccess | Role::SO0111-RemoveVPCDefaultSecurityGroupRules | Role::SO0111-ReplaceCodeBuildClearTextCredentials | Role::SO0111-RevokeUnrotatedKeys | Role::SO0111-RevokeUnusedIAMUserCredentials | Role::SO0111-S3BlockDenylist | Role::SO0111-SetIAMPasswordPolicy | Role::SO0111-SetSSLBucketPolicy | Role::SO0111-SHARR-Orchestrator-Member | Role::SpringClean-XUG3HH5R-AutoUpdateElevatedRole-1IM6AYMGMCA35 | Role::SpringClean-XUG3HH5R-FeatureCheckerFunctionRole-1AH36Y9VYP822 | Role::SpringClean-XUG3HH5R-SesVerifyEmailFunctionRole-1TXMG47957RRG | Role::SpringClean-XUG3HH5R-SpringCleanStackSetAdministra-QIMZ48DM5OFV | Role::SpringClean-XUG3HH5R-SpringCleanStackSetExecutionR-D9DWX0EX1ZOA | Role::testCarbonRole | Role::TurtleRoleManagement | Role::vpcflowCWrole | Role::wwRoleEC2SES | Role::wwRoleLambdaSES | Role::ww_augnhtrole
Recommendation
AWS Blog

InlinePolicy

Operation Excellence
Description
You have set an inline policy for 102 IAM users, groups or roles. An inline policy is a policy that's embedded in an IAM identity (a user, group, or role). In most cases, we recommend that you use managed policies instead of inline policies. This is because managed policies have several additional features such as reusability, central change management, versioning and rolling back, delegating permissions management and automatic updates. Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the identity that it's applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to an identity other than the one they're intended for.
Resources
GLOBAL: Role::AccessAnalyzerTrustedService | Role::AthenaCURdailyStack-AWSCURCrawlerComponentFunction-XX4CHL7H96MD | Role::AthenaCURdailyStack-AWSCURCrawlerLambdaExecutor-18PJXDZOQVUT8 | Role::AthenaCURdailyStack-AWSS3CURLambdaExecutor-91GHL63BKDPJ | Role::AthenaCURMonthlyStack-AWSCURCrawlerComponentFuncti-1AJFUSIA0NX5X | Role::AthenaCURMonthlyStack-AWSCURCrawlerLambdaExecutor-17MUZETRCHEGM | Role::AthenaCURMonthlyStack-AWSS3CURLambdaExecutor-19ZYBIKM90TK9 | Role::AVMContainersUserRole | Role::aws-security-hub-automate-orchestratorRole12B410FD-1VFCRA5D658CQ | Role::aws-security-hub-automate-SNS2DeliveryStatusLoggin-1XB1ER18ZZ6IV | Role::awslogs.prod.kelex.molecule.toppatterns | Role::AWSReservedSSO_AWSServiceCatalogEndUserAccess_2f1286af87fe02c6 | Role::AWSSupportPatchwork-ap-northeast-1-AutomationRole | Role::AWSSupportPatchwork-ap-northeast-2-AutomationRole | Role::AWSSupportPatchwork-ap-south-1-AutomationRole | Role::AWSSupportPatchwork-ap-southeast-1-AutomationRole | Role::AWSSupportPatchwork-ap-southeast-2-AutomationRole | Role::AWSSupportPatchwork-ca-central-1-AutomationRole | Role::AWSSupportPatchwork-eu-central-1-AutomationRole | Role::AWSSupportPatchwork-eu-north-1-AutomationRole | Role::AWSSupportPatchwork-eu-west-1-AutomationRole | Role::AWSSupportPatchwork-eu-west-2-AutomationRole | Role::AWSSupportPatchwork-eu-west-3-AutomationRole | Role::AWSSupportPatchwork-sa-east-1-AutomationRole | Role::AWSSupportPatchwork-us-east-1-AutomationRole | Role::AWSSupportPatchwork-us-east-2-AutomationRole | Role::AWSSupportPatchwork-us-west-1-AutomationRole | Role::AWSSupportPatchwork-us-west-2-AutomationRole | Role::CID-CUR-Destination-CIDLambdaAnalyticsRole-4lnxU3a60sr4 | Role::CidExecRole | Role::CidQuickSightDataSourceRole | Role::Cloud-Intelligence-Dashboar-InitLambdaExecutionRole-ZassKR4B4CY8 | Role::Cloud-Intelligence-Dashboards-CidCURCrawlerRole-6n5acUHm6w0r | Role::CloudSecAuditRole | Role::CloudSeerTrustedServiceRole | 
Role::CodeGuruProfilerForwardToAmazonProfiler | Role::CURathenaStack-AWSCURCrawlerComponentFunction-Y25X9I4YKV02 | Role::CURathenaStack-AWSCURCrawlerLambdaExecutor-WYW3Y5BXZGA | Role::CURathenaStack-AWSS3CURLambdaExecutor-YH390THQNEJX | Role::IMDSv2-automigrator | Role::OrthancRole | Role::SaltyTrustedService | Role::security-hub-format-LambdaExecutionRole-nFM8xh5M3MeA | Role::ShadowTrooperRole | Role::SO0111-CloudTrailToCloudWatchLogs | Role::SO0111-ConfigureS3BucketLogging | Role::SO0111-ConfigureS3BucketPublicAccessBlock | Role::SO0111-ConfigureS3PublicAccessBlock | Role::SO0111-ConfigureSNSTopicForStack | Role::SO0111-CreateAccessLoggingBucket | Role::SO0111-CreateCloudTrailMultiRegionTrail | Role::SO0111-CreateIAMSupportRole | Role::SO0111-CreateLogMetricFilterAndAlarm | Role::SO0111-DisablePublicAccessForSecurityGroup | Role::SO0111-DisablePublicAccessToRDSInstance | Role::SO0111-DisablePublicAccessToRedshiftCluster | Role::SO0111-DisablePublicIPAutoAssign | Role::SO0111-EnableAutomaticSnapshotsOnRedshiftCluster | Role::SO0111-EnableAutomaticVersionUpgradeOnRedshiftCluster | Role::SO0111-EnableAutoScalingGroupELBHealthCheck | Role::SO0111-EnableAWSConfig | Role::SO0111-EnableCloudTrailEncryption | Role::SO0111-EnableCloudTrailLogFileValidation | Role::SO0111-EnableCloudTrailToCloudWatchLogging | Role::SO0111-EnableCopyTagsToSnapshotOnRDSCluster | Role::SO0111-EnableDefaultEncryptionS3 | Role::SO0111-EnableDeliveryStatusLoggingForSNSTopic | Role::SO0111-EnableEbsEncryptionByDefault | Role::SO0111-EnableEncryptionForSNSTopic | Role::SO0111-EnableEncryptionForSQSQueue | Role::SO0111-EnableEnhancedMonitoringOnRDSInstance | Role::SO0111-EnableKeyRotation | Role::SO0111-EnableMinorVersionUpgradeOnRDSDBInstance | Role::SO0111-EnableMultiAZOnRDSInstance | Role::SO0111-EnableRDSClusterDeletionProtection | Role::SO0111-EnableRDSInstanceDeletionProtection | Role::SO0111-EnableRedshiftClusterAuditLogging | Role::SO0111-EnableVPCFlowLogs | 
Role::SO0111-EnableVPCFlowLogs-remediationRole | Role::SO0111-EncryptRDSSnapshot | Role::SO0111-MakeEBSSnapshotsPrivate | Role::SO0111-MakeRDSSnapshotPrivate | Role::SO0111-RDSMonitoring-remediationRole | Role::SO0111-RemoveLambdaPublicAccess | Role::SO0111-RemoveVPCDefaultSecurityGroupRules | Role::SO0111-ReplaceCodeBuildClearTextCredentials | Role::SO0111-RevokeUnrotatedKeys | Role::SO0111-RevokeUnusedIAMUserCredentials | Role::SO0111-S3BlockDenylist | Role::SO0111-SetIAMPasswordPolicy | Role::SO0111-SetSSLBucketPolicy | Role::SO0111-SHARR-Orchestrator-Member | Role::SpringClean-XUG3HH5R-AutoUpdateElevatedRole-1IM6AYMGMCA35 | Role::SpringClean-XUG3HH5R-AutoUpdateRole-20LWKR871KYY | Role::SpringClean-XUG3HH5R-FeatureCheckerFunctionRole-1AH36Y9VYP822 | Role::SpringClean-XUG3HH5R-SesVerifyEmailFunctionRole-1TXMG47957RRG | Role::SpringClean-XUG3HH5R-SpringCleanRole-LMVT7YWUT75Y | Role::SpringClean-XUG3HH5R-SpringCleanStackSetAdministra-QIMZ48DM5OFV | Role::SpringClean-XUG3HH5R-SpringCleanStackSetExecutionR-D9DWX0EX1ZOA | Role::testCarbonRole | Role::TurtleRoleManagement | Role::vpcflowCWrole
Recommendation
AWS Docs

roleLongSession

Security
Description
7 roles have a session duration longer than the default duration of 60 minutes. Unless your applications and/or federated users need to complete longer running workloads in a single session, it is recommended to stick with the default session duration.
Resources
GLOBAL: Role::Admin | Role::AWSReservedSSO_AWSAdministratorAccess_ac7e558480de85c0 | Role::AWSReservedSSO_AWSPowerUserAccess_00098b9536c9ffa7 | Role::AWSReservedSSO_AWSReadOnlyAccess_4426e61ec70ce688 | Role::AWSReservedSSO_AWSServiceCatalogAdminFullAccess_c710ef77c5721888 | Role::AWSReservedSSO_AWSServiceCatalogEndUserAccess_2f1286af87fe02c6 | Role::security-hub-format-LambdaExecutionRole-nFM8xh5M3MeA
Label
Testing Required (maybe)
Recommendation
AWS Blog

FullAdminAccess

Security
Description
You have provided full Administrator access to 4 users, groups or roles. It is considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::Admin | Role::AWSReservedSSO_AWSAdministratorAccess_ac7e558480de85c0 | Role::ww_augnhtrole | Group::admin-group
Recommendation
AWS Docs
Organization GuardRail Blog

ManagedPolicyFullAccessOneServ

Security
Description
You have set a managed policy giving 9 users, groups and/or roles full access to one service. It is considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::AthenaCURdailyStack-AWSCURCrawlerComponentFunction-XX4CHL7H96MD | Role::AthenaCURMonthlyStack-AWSCURCrawlerComponentFuncti-1AJFUSIA0NX5X | Role::AWSReservedSSO_AWSPowerUserAccess_00098b9536c9ffa7 | Role::Cloud-Intelligence-Dashbo-ProcessPathLambdaExecutio-4v29TjzrvQTv | Role::Cloud-Intelligence-Dashboar-InitLambdaExecutionRole-ZassKR4B4CY8 | Role::Cloud-Intelligence-Dashboards-CidCURCrawlerRole-6n5acUHm6w0r | Role::CURathenaStack-AWSCURCrawlerComponentFunction-Y25X9I4YKV02 | Role::MarketplaceFullAccess | Role::OrthancRole
Recommendation
AWS Docs

InlinePolicyFullAccessOneServ

Security
Description
You have set an inline policy giving 1 users, groups and/or roles full access to one service. Consider switching to managed policies instead. It is also considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::SpringClean-XUG3HH5R-SpringCleanStackSetExecutionR-D9DWX0EX1ZOA
Recommendation
AWS Docs

passwordPolicy

Security
Description
You have not set a custom password policy. Setting a custom password policy lets you require strong password practices, such as complexity level, avoiding re-use, and enforcing multi-factor authentication (MFA). If you don't set a custom password policy, IAM user passwords must meet the default AWS password policy.
Resources
GLOBAL: Account::Config
Recommendation
IAM Password Policy

PartialEnableConfigService

Security
Description
Not all regions have Config enabled. The AWS Config service performs configuration management of supported AWS resources in your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items, and any configuration changes between resources.
Resources
GLOBAL: Account::Config
Label
Cost Incurred
Recommendation
Enable AWS Config
Detail
GLOBAL

1. root_id

Check | Current Value | Recommendation
rootMfaActive | Inactive | Enable MFA on root user

2. AccessAnalyzerTrustedService

Check | Current Value | Recommendation
unusedRole | 815 days passed | Review & remove inactive roles
InlinePolicy | AccessAnalyzerTrustedServicePolicy | Use managed policies

3. Admin

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
FullAdminAccess | AdministratorAccess | Limit permissions.

4. aspnetecstaskroles

Check | Current Value | Recommendation
unusedRole | 647 days passed | Review & remove inactive roles

5. AthenaCURdailyStack-AWSCURCrawlerComponentFunction-XX4CHL7H96MD

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSGlueServiceRole | Limit permissions.
InlinePolicy | AWSCURCrawlerComponentFunction, AWSCURKMSDecryption | Use managed policies

6. AthenaCURdailyStack-AWSCURCrawlerLambdaExecutor-18PJXDZOQVUT8

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
InlinePolicy | AWSCURCrawlerLambdaExecutor | Use managed policies

7. AthenaCURdailyStack-AWSS3CURLambdaExecutor-91GHL63BKDPJ

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
InlinePolicy | AWSS3CURLambdaExecutor | Use managed policies

8. AthenaCURMonthlyStack-AWSCURCrawlerComponentFuncti-1AJFUSIA0NX5X

Check | Current Value | Recommendation
unusedRole | 561 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSGlueServiceRole | Limit permissions.
InlinePolicy | AWSCURCrawlerComponentFunction, AWSCURKMSDecryption | Use managed policies

9. AthenaCURMonthlyStack-AWSCURCrawlerLambdaExecutor-17MUZETRCHEGM

Check | Current Value | Recommendation
InlinePolicy | AWSCURCrawlerLambdaExecutor | Use managed policies

10. AthenaCURMonthlyStack-AWSS3CURLambdaExecutor-19ZYBIKM90TK9

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
InlinePolicy | AWSS3CURLambdaExecutor | Use managed policies

11. AVMContainersUserRole

Check | Current Value | Recommendation
unusedRole | 576 days passed | Review & remove inactive roles
InlinePolicy | AWSContainerAssessmentPolicy | Use managed policies

12. aws-ec2-spot-fleet-tagging-role

Check | Current Value | Recommendation
unusedRole | 350 days | Review & remove inactive roles

13. aws-security-hub-automate-orchestratorRole12B410FD-1VFCRA5D658CQ

Check | Current Value | Recommendation
unusedRole | 440 days | Review & remove inactive roles
InlinePolicy | BasePolicy | Use managed policies

14. aws-security-hub-automate-SNS2DeliveryStatusLoggin-1XB1ER18ZZ6IV

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | SNS2DeliveryStatusLoggingRoleDeliveryStatusLoggingPolicy4C4F6343 | Use managed policies

15. awslogs.prod.kelex.molecule.toppatterns

Check | Current Value | Recommendation
unusedRole | 191 days passed | Review & remove inactive roles
InlinePolicy | AWSLogsOptimizerPolicy | Use managed policies

16. AWSReservedSSO_AWSAdministratorAccess_ac7e558480de85c0

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
FullAdminAccess | AdministratorAccess | Limit permissions.

17. AWSReservedSSO_AWSPowerUserAccess_00098b9536c9ffa7

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 503 days passed | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | PowerUserAccess | Limit permissions.

18. AWSReservedSSO_AWSReadOnlyAccess_4426e61ec70ce688

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 503 days passed | Review & remove inactive roles

19. AWSReservedSSO_AWSServiceCatalogAdminFullAccess_c710ef77c5721888

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 503 days passed | Review & remove inactive roles

20. AWSReservedSSO_AWSServiceCatalogEndUserAccess_2f1286af87fe02c6

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 114 days | Review & remove inactive roles
InlinePolicy | AwsSSOInlinePolicy | Use managed policies

21. AWSSupportPatchwork-ap-northeast-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-ap-northeast-1-AttachIAMToInstancePolicy | Use managed policies

22. AWSSupportPatchwork-ap-northeast-2-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-ap-northeast-2-AttachIAMToInstancePolicy | Use managed policies

23. AWSSupportPatchwork-ap-south-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-ap-south-1-AttachIAMToInstancePolicy | Use managed policies

24. AWSSupportPatchwork-ap-southeast-1-AutomationRole

Check | Current Value | Recommendation
InlinePolicy | AWSSupportPatchwork-ap-southeast-1-AttachIAMToInstancePolicy | Use managed policies

25. AWSSupportPatchwork-ap-southeast-2-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-ap-southeast-2-AttachIAMToInstancePolicy | Use managed policies

26. AWSSupportPatchwork-ca-central-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-ca-central-1-AttachIAMToInstancePolicy | Use managed policies

27. AWSSupportPatchwork-eu-central-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-eu-central-1-AttachIAMToInstancePolicy | Use managed policies

28. AWSSupportPatchwork-eu-north-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-eu-north-1-AttachIAMToInstancePolicy | Use managed policies

29. AWSSupportPatchwork-eu-west-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-eu-west-1-AttachIAMToInstancePolicy | Use managed policies

30. AWSSupportPatchwork-eu-west-2-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-eu-west-2-AttachIAMToInstancePolicy | Use managed policies

31. AWSSupportPatchwork-eu-west-3-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-eu-west-3-AttachIAMToInstancePolicy | Use managed policies

32. AWSSupportPatchwork-sa-east-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-sa-east-1-AttachIAMToInstancePolicy | Use managed policies

33. AWSSupportPatchwork-us-east-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 149 days | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-us-east-1-AttachIAMToInstancePolicy | Use managed policies

34. AWSSupportPatchwork-us-east-2-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-us-east-2-AttachIAMToInstancePolicy | Use managed policies

35. AWSSupportPatchwork-us-west-1-AutomationRole

Check | Current Value | Recommendation
unusedRole | 553 days passed | Review & remove inactive roles
InlinePolicy | AWSSupportPatchwork-us-west-1-AttachIAMToInstancePolicy | Use managed policies

36. AWSSupportPatchwork-us-west-2-AutomationRole

Check | Current Value | Recommendation
InlinePolicy | AWSSupportPatchwork-us-west-2-AttachIAMToInstancePolicy | Use managed policies

37. AWSVAPTAudit

Check | Current Value | Recommendation
unusedRole | 815 days passed | Review & remove inactive roles

38. CID-CUR-Destination-CIDLambdaAnalyticsRole-4lnxU3a60sr4

Check | Current Value | Recommendation
unusedRole | 379 days | Review & remove inactive roles
InlinePolicy | ExecutionDefault | Use managed policies

39. CidExecRole

Check | Current Value | Recommendation
unusedRole | 379 days | Review & remove inactive roles
InlinePolicy | CidExecPolicy | Use managed policies

40. CidQuickSightDataSourceRole

Check | Current Value | Recommendation
InlinePolicy | AthenaAccess, QuickSightDataSource-S3AccessCUR | Use managed policies

41. Cloud-Intelligence-Dashbo-ProcessPathLambdaExecutio-4v29TjzrvQTv

Check | Current Value | Recommendation
unusedRole | 379 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSLambdaExecute | Limit permissions.

42. Cloud-Intelligence-Dashboar-InitLambdaExecutionRole-ZassKR4B4CY8

Check | Current Value | Recommendation
unusedRole | 379 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSLambdaExecute | Limit permissions.
InlinePolicy | AthenaQueryResultsBucketDeletion, AthenaWorkGroupDeletion, root, StartCrawler | Use managed policies

43. Cloud-Intelligence-Dashboards-CidCURCrawlerRole-6n5acUHm6w0r

Check | Current Value | Recommendation
unusedRole | 370 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSGlueServiceRole | Limit permissions.
InlinePolicy | AWSCURCrawlerComponentFunction | Use managed policies

44. CloudSecAuditRole

Check | Current Value | Recommendation
unusedRole | 145 days passed | Review & remove inactive roles
InlinePolicy | CloudSecAuditPolicy-prod | Use managed policies

45. CloudSeerTrustedServiceRole

Check | Current Value | Recommendation
unusedRole | 173 days | Review & remove inactive roles
InlinePolicy | CloudSeerTrustedServicePolicy | Use managed policies

46. CodeGuruProfilerForwardToAmazonProfiler

Check | Current Value | Recommendation
unusedRole | 363 days passed | Review & remove inactive roles
InlinePolicy | CodeGuruProfilerPolicy | Use managed policies

47. CURathenaStack-AWSCURCrawlerComponentFunction-Y25X9I4YKV02

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSGlueServiceRole | Limit permissions.
InlinePolicy | AWSCURCrawlerComponentFunction, AWSCURKMSDecryption | Use managed policies

48. CURathenaStack-AWSCURCrawlerLambdaExecutor-WYW3Y5BXZGA

Check | Current Value | Recommendation
unusedRole | 569 days | Review & remove inactive roles
InlinePolicy | AWSCURCrawlerLambdaExecutor | Use managed policies

49. CURathenaStack-AWSS3CURLambdaExecutor-YH390THQNEJX

Check | Current Value | Recommendation
unusedRole | 577 days | Review & remove inactive roles
InlinePolicy | AWSS3CURLambdaExecutor | Use managed policies

50. EC2CapacityReservationService

Check | Current Value | Recommendation
unusedRole | 815 days passed | Review & remove inactive roles

51. ecsAutoscaleRole

Check | Current Value | Recommendation
unusedRole | 646 days passed | Review & remove inactive roles

52. ecsTaskExecutionRole

Check | Current Value | Recommendation
unusedRole | 644 days | Review & remove inactive roles

53. IMDSv2-automigrator

Check | Current Value | Recommendation
InlinePolicy | IMDSv2-automigrator | Use managed policies

54. MarketplaceFullAccess

Check | Current Value | Recommendation
unusedRole | 118 days passed | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSMarketplaceFullAccess | Limit permissions.

55. OrthancRole

Check | Current Value | Recommendation
ManagedPolicyFullAccessOneServ | AmazonGuardDutyFullAccess | Limit permissions.
InlinePolicy | AmazonGuardDutyFullAccess | Use managed policies

56. rds-monitoring-role

Check | Current Value | Recommendation
unusedRole | 461 days | Review & remove inactive roles

57. SaltyTrustedService

Check | Current Value | Recommendation
unusedRole | 33 days passed | Review & remove inactive roles
InlinePolicy | SaltyTrustedServicePolicy | Use managed policies

58. security-hub-format-LambdaExecutionRole-nFM8xh5M3MeA

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
InlinePolicy | SecurityHubFullReport | Use managed policies

59. SecurityHub_CSV_Exporter

Check | Current Value | Recommendation
unusedRole | 161 days passed | Review & remove inactive roles

60. ShadowTrooperRole

Check | Current Value | Recommendation
unusedRole | 190 days passed | Review & remove inactive roles
InlinePolicy | ShadowTrooperPolicy-prod | Use managed policies

61. SO0111-CloudTrailToCloudWatchLogs

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | default_lambdaPolicy | Use managed policies

62. SO0111-ConfigureS3BucketLogging

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleConfigureS3BucketLoggingSHARRMemberBasePolicyAC4F82A8, SHARRRemediationPolicyConfigureS3BucketLogging9F85EEE2 | Use managed policies

63. SO0111-ConfigureS3BucketPublicAccessBlock

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleConfigureS3BucketPublicAccessBlockSHARRMemberBasePolicyB9DCBD99, SHARRRemediationPolicyConfigureS3BucketPublicAccessBlock2E4EF13D | Use managed policies

64. SO0111-ConfigureS3PublicAccessBlock

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleConfigureS3PublicAccessBlockSHARRMemberBasePolicy26BF29A6, SHARRRemediationPolicyConfigureS3PublicAccessBlockEAD9CA55 | Use managed policies

65. SO0111-ConfigureSNSTopicForStack

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleConfigureSNSTopicForStackSHARRMemberBasePolicyB95FE457, SHARRRemediationPolicyConfigureSNSTopicForStackEF9274DC | Use managed policies

66. SO0111-CreateAccessLoggingBucket

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleCreateAccessLoggingBucketSHARRMemberBasePolicy0B9908F2, SHARRRemediationPolicyCreateAccessLoggingBucket4A1677D6 | Use managed policies

67. SO0111-CreateCloudTrailMultiRegionTrail

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleCreateCloudTrailMultiRegionTrailSHARRMemberBasePolicyA86222AF, SHARRRemediationPolicyCreateCloudTrailMultiRegionTrail59B12044 | Use managed policies

68. SO0111-CreateIAMSupportRole

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleCreateIAMSupportRoleSHARRMemberBasePolicyB811FF40, SHARRRemediationPolicyCreateIAMSupportRoleB5DDF732 | Use managed policies

69. SO0111-CreateLogMetricFilterAndAlarm

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleCreateLogMetricFilterAndAlarmSHARRMemberBasePolicy2AFEEF94, SHARRRemediationPolicyCreateLogMetricFilterAndAlarm102AC980 | Use managed policies

70. SO0111-DisablePublicAccessForSecurityGroup

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleDisablePublicAccessForSecurityGroupSHARRMemberBasePolicy3076FC8A, SHARRRemediationPolicyDisablePublicAccessForSecurityGroupE214EF9A | Use managed policies

71. SO0111-DisablePublicAccessToRDSInstance

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleDisablePublicAccessToRDSInstanceSHARRMemberBasePolicyD50CB3CA, SHARRRemediationPolicyDisablePublicAccessToRDSInstance0F21A96A | Use managed policies

72. SO0111-DisablePublicAccessToRedshiftCluster

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleDisablePublicAccessToRedshiftClusterSHARRMemberBasePolicy071786CD, SHARRRemediationPolicyDisablePublicAccessToRedshiftCluster6F8CE9CA | Use managed policies

73. SO0111-DisablePublicIPAutoAssign

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleDisablePublicIPAutoAssignSHARRMemberBasePolicy3E997D42, SHARRRemediationPolicyDisablePublicIPAutoAssign0249B3D7 | Use managed policies

74. SO0111-EnableAutomaticSnapshotsOnRedshiftCluster

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableAutomaticSnapshotsOnRedshiftClusterSHARRMemberBasePolicyB55A3D11, SHARRRemediationPolicyEnableAutomaticSnapshotsOnRedshiftCluster2DE51374 | Use managed policies

75. SO0111-EnableAutomaticVersionUpgradeOnRedshiftCluster

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableAutomaticVersionUpgradeOnRedshiftClusterSHARRMemberBasePolicyFEA51B64, SHARRRemediationPolicyEnableAutomaticVersionUpgradeOnRedshiftCluster4644F616 | Use managed policies

76. SO0111-EnableAutoScalingGroupELBHealthCheck

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableAutoScalingGroupELBHealthCheckSHARRMemberBasePolicy3ED01525, SHARRRemediationPolicyEnableAutoScalingGroupELBHealthCheckD6F46CE8 | Use managed policies

77. SO0111-EnableAWSConfig

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableAWSConfigSHARRMemberBasePolicy535B8C0F, SHARRRemediationPolicyEnableAWSConfig8A0259D3 | Use managed policies

78. SO0111-EnableCloudTrailEncryption

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableCloudTrailEncryptionSHARRMemberBasePolicy6489774E, SHARRRemediationPolicyEnableCloudTrailEncryption5715DA83 | Use managed policies

79. SO0111-EnableCloudTrailLogFileValidation

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableCloudTrailLogFileValidationSHARRMemberBasePolicy85A07C2D, SHARRRemediationPolicyEnableCloudTrailLogFileValidation00359A88 | Use managed policies

80. SO0111-EnableCloudTrailToCloudWatchLogging

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableCloudTrailToCloudWatchLoggingSHARRMemberBasePolicy0E4130D5, SHARRRemediationPolicyEnableCloudTrailToCloudWatchLoggingA9BBB945 | Use managed policies

81. SO0111-EnableCopyTagsToSnapshotOnRDSCluster

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableCopyTagsToSnapshotOnRDSClusterSHARRMemberBasePolicy5F24C304, SHARRRemediationPolicyEnableCopyTagsToSnapshotOnRDSClusterC9C3E856 | Use managed policies

82. SO0111-EnableDefaultEncryptionS3

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableDefaultEncryptionS3SHARRMemberBasePolicyB6B36B9A, SHARRRemediationPolicyEnableDefaultEncryptionS37717FB1C | Use managed policies

83. SO0111-EnableDeliveryStatusLoggingForSNSTopic

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableDeliveryStatusLoggingForSNSTopicSHARRMemberBasePolicyB5BB9F17, SHARRRemediationPolicyEnableDeliveryStatusLoggingForSNSTopic9AE002C8 | Use managed policies

84. SO0111-EnableEbsEncryptionByDefault

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableEbsEncryptionByDefaultSHARRMemberBasePolicy77CF4834, SHARRRemediationPolicyEnableEbsEncryptionByDefaultED8BC775 | Use managed policies

85. SO0111-EnableEncryptionForSNSTopic

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableEncryptionForSNSTopicSHARRMemberBasePolicy1899CCB2, SHARRRemediationPolicyEnableEncryptionForSNSTopicE817DD20 | Use managed policies

86. SO0111-EnableEncryptionForSQSQueue

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableEncryptionForSQSQueueSHARRMemberBasePolicy2088FE8D, SHARRRemediationPolicyEnableEncryptionForSQSQueue705DEB0F | Use managed policies

87. SO0111-EnableEnhancedMonitoringOnRDSInstance

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableEnhancedMonitoringOnRDSInstanceSHARRMemberBasePolicy4D03FBD0, SHARRRemediationPolicyEnableEnhancedMonitoringOnRDSInstance6E7C63B0 | Use managed policies

88. SO0111-EnableKeyRotation

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableKeyRotationSHARRMemberBasePolicyA6E832D4, SHARRRemediationPolicyEnableKeyRotation7DBFDFE8 | Use managed policies

89. SO0111-EnableMinorVersionUpgradeOnRDSDBInstance

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableMinorVersionUpgradeOnRDSDBInstanceSHARRMemberBasePolicyCB8B3F14, SHARRRemediationPolicyEnableMinorVersionUpgradeOnRDSDBInstance8FBADA19 | Use managed policies

90. SO0111-EnableMultiAZOnRDSInstance

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableMultiAZOnRDSInstanceSHARRMemberBasePolicy1DE61917, SHARRRemediationPolicyEnableMultiAZOnRDSInstance3A3D7BEA | Use managed policies

91. SO0111-EnableRDSClusterDeletionProtection

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableRDSClusterDeletionProtectionSHARRMemberBasePolicy90D2EA44, SHARRRemediationPolicyEnableRDSClusterDeletionProtectionBC66754B | Use managed policies

92. SO0111-EnableRDSInstanceDeletionProtection

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableRDSInstanceDeletionProtectionSHARRMemberBasePolicy5071CD93, SHARRRemediationPolicyEnableRDSInstanceDeletionProtection908386A3 | Use managed policies

93. SO0111-EnableRedshiftClusterAuditLogging

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableRedshiftClusterAuditLoggingSHARRMemberBasePolicyFB2EC252, SHARRRemediationPolicyEnableRedshiftClusterAuditLogging37BC8505 | Use managed policies

94. SO0111-EnableVPCFlowLogs

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEnableVPCFlowLogsSHARRMemberBasePolicy0D33A918, SHARRRemediationPolicyEnableVPCFlowLogs22F36069 | Use managed policies

95. SO0111-EnableVPCFlowLogs-remediationRole

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | default_lambdaPolicy | Use managed policies

96. SO0111-EncryptRDSSnapshot

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleEncryptRDSSnapshotSHARRMemberBasePolicyB377E8DA, SHARRRemediationPolicyEncryptRDSSnapshot27491BE0 | Use managed policies

97. SO0111-MakeEBSSnapshotsPrivate

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleMakeEBSSnapshotsPrivateSHARRMemberBasePolicy7DE85B9C, SHARRRemediationPolicyMakeEBSSnapshotsPrivate64D2F13D | Use managed policies

98. SO0111-MakeRDSSnapshotPrivate

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleMakeRDSSnapshotPrivateSHARRMemberBasePolicyFF0FBF31, SHARRRemediationPolicyMakeRDSSnapshotPrivate26FDF037 | Use managed policies

99. SO0111-RDSMonitoring-remediationRole

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | Rds6EnhancedMonitoringRoleRDS6EnhancedMonitoringPolicyA2EB4EE9 | Use managed policies

100. SO0111-RemoveLambdaPublicAccess

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleRemoveLambdaPublicAccessSHARRMemberBasePolicy6AACE4BE, SHARRRemediationPolicyRemoveLambdaPublicAccessDD6213D0 | Use managed policies

101. SO0111-RemoveVPCDefaultSecurityGroupRules

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleRemoveVPCDefaultSecurityGroupRulesSHARRMemberBasePolicy18B08253, SHARRRemediationPolicyRemoveVPCDefaultSecurityGroupRules94040124 | Use managed policies

102. SO0111-ReplaceCodeBuildClearTextCredentials

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleReplaceCodeBuildClearTextCredentialsSHARRMemberBasePolicy93CBC55E, SHARRRemediationPolicyReplaceCodeBuildClearTextCredentials399A9B2A | Use managed policies

103. SO0111-RevokeUnrotatedKeys

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleRevokeUnrotatedKeysSHARRMemberBasePolicy493293CA, SHARRRemediationPolicyRevokeUnrotatedKeys7F92ECED | Use managed policies

104. SO0111-RevokeUnusedIAMUserCredentials

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleRevokeUnusedIAMUserCredentialsSHARRMemberBasePolicy6519E750, SHARRRemediationPolicyRevokeUnusedIAMUserCredentialsEEF45939 | Use managed policies

105. SO0111-S3BlockDenylist

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleS3BlockDenylistSHARRMemberBasePolicyFEAC9691, SHARRRemediationPolicyS3BlockDenylist2115A636 | Use managed policies

106. SO0111-SetIAMPasswordPolicy

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleSetIAMPasswordPolicySHARRMemberBasePolicy3E89D2C9, SHARRRemediationPolicySetIAMPasswordPolicy044BED0C | Use managed policies

107. SO0111-SetSSLBucketPolicy

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | RemediationRoleSetSSLBucketPolicySHARRMemberBasePolicy21EBF952, SHARRRemediationPolicySetSSLBucketPolicy2B2017FE | Use managed policies

108. SO0111-SHARR-Orchestrator-Member

Check | Current Value | Recommendation
unusedRole | 556 days passed | Review & remove inactive roles
InlinePolicy | member_orchestrator | Use managed policies

109. SpringClean-XUG3HH5R-AutoUpdateElevatedRole-1IM6AYMGMCA35

Check | Current Value | Recommendation
unusedRole | 266 days | Review & remove inactive roles
InlinePolicy | scheduledAutoUpdate | Use managed policies

110. SpringClean-XUG3HH5R-AutoUpdateRole-20LWKR871KYY

Check | Current Value | Recommendation
InlinePolicy | scheduledautoupdate-basic | Use managed policies

111. SpringClean-XUG3HH5R-FeatureCheckerFunctionRole-1AH36Y9VYP822

Check | Current Value | Recommendation
unusedRole | 266 days | Review & remove inactive roles
InlinePolicy | EligiblityCheckerPolicy | Use managed policies

112. SpringClean-XUG3HH5R-SesVerifyEmailFunctionRole-1TXMG47957RRG

Check | Current Value | Recommendation
unusedRole | 811 days passed | Review & remove inactive roles
InlinePolicy | SESVerifiedEmailModifier | Use managed policies

113. SpringClean-XUG3HH5R-SpringCleanRole-LMVT7YWUT75Y

Check | Current Value | Recommendation
InlinePolicy | KinesisAnalyticsResourcePolicy, LambdaFunctionResource, OpsWorksCMResourcePolicy, OpsWorksResourcePolicy, SCBatchResourcePolicy, SCLambdaAutoScalingResourcePolicy, SCLambdaSpringClean-CloudFormationResourcePolicy, SCLambdaSpringClean-DAXResourcePolicy, SCLambdaSpringClean-DynamoDBResourcePolicy, SCLambdaSpringClean-EC2AuthControlResourcePolicy, SCLambdaSpringClean-EC2DedicatedHostResourcePolicy, SCLambdaSpringClean-EC2InstancesResourcePolicy, SCLambdaSpringClean-EC2SecurityGroupsResourcePolicy, SCLambdaSpringClean-EC2SnapshotsAMIResourcePolicy, SCLambdaSpringClean-EC2VolumesResourcePolicy, SCLambdaSpringClean-EC2VPNConnectionResourcePolicy, SCLambdaSpringClean-EFSResourcePolicy, SCLambdaSpringClean-EIPResourcePolicy, SCLambdaSpringClean-EKSResourcePolicy, SCLambdaSpringClean-ElastiCacheResourcePolicy, SCLambdaSpringClean-ElasticSearchResourcePolicy, SCLambdaSpringClean-ELBResourcePolicy, SCLambdaSpringClean-EMRResourcePolicy, SCLambdaSpringClean-FSxFilesystemResourcePolicy, SCLambdaSpringClean-GlueEndpointsResourcePolicy, SCLambdaSpringClean-KinesisResourcePolicy, SCLambdaSpringClean-LightSailInstanceResourcePolicy, SCLambdaSpringClean-MSKClusterResourcePolicy, SCLambdaSpringClean-NATGWResourcePolicy, SCLambdaSpringClean-R53ResolverEndpointsResourcePolicy, SCLambdaSpringClean-R53ResourcePolicy, SCLambdaSpringClean-RDSClusterResourcePolicy, SCLambdaSpringClean-RDSControlResourcePolicy, SCLambdaSpringClean-RDSResourcePolicy, SCLambdaSpringClean-RDSSnapshotPolicy, SCLambdaSpringClean-RedShiftResourcePolicy, SCLambdaSpringClean-S3ControlPolicy, SCLambdaSpringClean-SageMakerNotebookPolicy, SCLambdaSpringClean-SNSControlResourcePolicy, SCLambdaSpringClean-VPCEResourcePolicy, SCLambdaSpringClean-VPCEServiceResourcePolicy, SFTPTransferResource, SpringCleanLambda-ElasticBeanstalkResourcePolicy | Use managed policies

114. SpringClean-XUG3HH5R-SpringCleanStackSetAdministra-QIMZ48DM5OFV

Check | Current Value | Recommendation
unusedRole | 266 days | Review & remove inactive roles
InlinePolicy | AssumeRole-AWSCloudFormationStackSetExecutionRole | Use managed policies

115. SpringClean-XUG3HH5R-SpringCleanStackSetExecutionR-D9DWX0EX1ZOA

Check | Current Value | Recommendation
unusedRole | 266 days | Review & remove inactive roles
InlinePolicy | CFNExecutor | Use managed policies
InlinePolicyFullAccessOneServ | CFNExecutor | Limit access in policy

116. testCarbonRole

Check | Current Value | Recommendation
unusedRole | 301 days passed | Review & remove inactive roles
InlinePolicy | Sustainability-CFT | Use managed policies

117. TurtleRoleManagement

Check | Current Value | Recommendation
unusedRole | 319 days passed | Review & remove inactive roles
InlinePolicy | TurtleRoleManagementPolicy | Use managed policies

118. vpcflowCWrole

Check | Current Value | Recommendation
unusedRole | 156 days | Review & remove inactive roles
InlinePolicy | policycreateflowlog | Use managed policies

119. wwRoleEC2SES

Check | Current Value | Recommendation
unusedRole | 494 days | Review & remove inactive roles

120. wwRoleLambdaSES

Check | Current Value | Recommendation
unusedRole | 503 days | Review & remove inactive roles

121. ww_augnhtrole

Check | Current Value | Recommendation
unusedRole | 678 days | Review & remove inactive roles
FullAdminAccess | AdministratorAccess | Limit permissions.

122. admin-group

Check | Current Value | Recommendation
FullAdminAccess | AdministratorAccess | Limit permissions.

123. Config

Check | Current Value | Recommendation
passwordPolicy | NoSuchEntity | Set a custom password policy.
PartialEnableConfigService | ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-3, ap-southeast-5, ca-central-1, eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3, sa-east-1, us-east-2, us-west-1, us-west-2 | Enable AWS Config