IAM

Resources: 119
Total Findings: 138
Rules Executed: 371
Unique Rules: 37
Exception: 0
Timespent: 206.549s

Summary

passwordLastChange90

Security
Description
1 IAM user password has not been changed in more than 90 days. Please rotate the password. Alternatively, you can set an expiration period in the password policy.
Resources
GLOBAL: User::root_id
Recommendation
Managing IAM Password

consoleLastAccess90

Security
Description
1 IAM user has not accessed the AWS console in more than 90 days. Please identify whether this IAM user needs to access the console and delete the user if not needed.
Resources
GLOBAL: User::root_id
Recommendation
Finds unused credentials

rootMfaActive

Security
Description
Root user can perform sensitive operations in your account, adding an additional layer of authentication helps you to better secure your account. You have NOT enabled Multi-Factor Authentication (MFA) on your root user. AWS MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
Resources
GLOBAL: User::root_id
Label
Cost Incurred (maybe)
Recommendation
AWS MFA
IAM Best Practices

userNotUsingGroup

Operation Excellence
Description
1 user is not within a user group. An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.
Resources
GLOBAL: User::pgw-cassandra-user
Recommendation
IAM Group

InlinePolicy

Operation Excellence
Description
You have set an inline policy for 41 IAM users, groups or roles. An inline policy is a policy that's embedded in an IAM identity (a user, group, or role). In most cases, we recommend that you use managed policies instead of inline policies. This is because managed policies have several additional features such as reusability, central change management, versioning and rolling back, delegating permissions management and automatic updates. Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the identity that it's applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to an identity other than the one they're intended for.
Resources
GLOBAL: User::pgw-cassandra-user | Role::aws-controltower-ForwardSnsNotificationRole | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | Role::AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b | Role::AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7 | Role::backend-pgw-core-pgw-dev-codedeploy-role | Role::backend-pgw-ipn-processor-pgw-dev-codedeploy-role | Role::backend-v1-backoffice-pgw-dev-codedeploy-role-cmc | Role::backend-v1-epay-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-mbbank-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-merchant-service-pgw-dev-codedeploy-role-cmc | Role::backend-v1-momo-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-napas-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-payment-service-pgw-dev-codedeploy-role-cmc | Role::backend-v1-pgw-core-pgw-dev-codedeploy-role-cmc | Role::backend-v1-schedule-pgw-dev-codedeploy-role-cmc | Role::backend-v1-zalopay-processor-pgw-dev-codedeploy-role-cmc | Role::frontend-backoffice-pgw-dev-codedeploy-role | Role::frontend-gateway-core-pgw-dev-codedeploy-role | Role::managed-eks-admin-ec2-role | Role::managed-vpc-sg-flowlog-flowlog-role | Role::pay1-wallet-aa-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-backoffice-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-ledger-core-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-notification-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-pay1-id-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-payment-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-sms-otp-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-wallet-backoffice-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-wallet-command-pgw-dev-codedeploy-role-cmc | 
Role::pay1-wallet-wallet-query-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-wallet-service-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-wallet-sms-otp-pgw-dev-codedeploy-role-cmc | Role::pgw-dev-backend-v1-pgw-core-dev-codedeploy-role-cmc | Role::pipeline-cross-account | Role::PyraCloudRole | Role::SecretsManagerRDSPostgreS-SecretsManagerRDSPostgreS-EmjcCJ2iYcSd | Role::YoPayment-AWS-Terraform-Pgw-Dev
Recommendation
AWS Docs

hasAccessKeyNoRotate90days

Security
Description
1 user(s) impacted. When you cannot rely on temporary credentials and require long-term credentials, rotate the IAM access keys regularly (maximum every 90 days). If an access key is compromised without your knowledge, you limit how long the credentials can be used to access your resources.
Resources
GLOBAL: User::yopayment-dev-ses-user
Label
Testing Required
Recommendation
Rotate access key

userNoActivity90days

Security
Description
1 user(s) had no activity in the past 90 days (neither console nor API). Please review and disable.
Resources
GLOBAL: User::yopayment-dev-ses-user
Label
Testing Required
Recommendation
IAM Credential Reports
Rotate Keys

unusedRole

Operation Excellence
Description
You have 62 unused roles in your account. Review whether these roles are still needed, and delete them if no longer necessary. By removing unused roles, you can simplify monitoring and improve your security posture.
Resources
GLOBAL: Role::aws-controltower-AdministratorExecutionRole | Role::aws-controltower-ConfigRecorderRole | Role::aws-controltower-ReadOnlyExecutionRole | Role::AWSControlTower_VPCFlowLogsRole | Role::AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0 | Role::AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78 | Role::AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11 | Role::AWSReservedSSO_AWSReadOnlyAccess_52218f0875a67871 | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Role::AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7 | Role::backend-pgw-core-pgw-dev-codedeploy-role | Role::backend-pgw-ipn-processor-pgw-dev-codedeploy-role | Role::backend-v1-backoffice-pgw-dev-codedeploy-role-cmc | Role::backend-v1-epay-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-mbbank-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-merchant-service-pgw-dev-codedeploy-role-cmc | Role::backend-v1-momo-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-napas-processor-pgw-dev-codedeploy-role-cmc | Role::backend-v1-payment-service-pgw-dev-codedeploy-role-cmc | Role::backend-v1-pgw-core-pgw-dev-codedeploy-role-cmc | Role::backend-v1-schedule-pgw-dev-codedeploy-role-cmc | Role::backend-v1-zalopay-processor-pgw-dev-codedeploy-role-cmc | Role::ec2-ssm-role | Role::ecs-iam-service | Role::ecsAutoscaleRole | Role::ecsEventsRole | Role::frontend-backoffice-pgw-dev-codedeploy-role | Role::frontend-gateway-core-pgw-dev-codedeploy-role | Role::pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc | Role::pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc | Role::pgw-dev-backend-v1-pgw-core-dev-codedeploy-role-cmc | Role::pgw-dev-ecs-backend-pgw-ipn-processor-task-execution-role | Role::pgw-dev-ecs-backend-pgw-ipn-processor-task-role | Role::pgw-dev-ecs-backend-v1-backoffice-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-backoffice-task-role-cmc | Role::pgw-dev-ecs-backend-v1-epay-processor-task-execution-role-cmc | 
Role::pgw-dev-ecs-backend-v1-epay-processor-task-role-cmc | Role::pgw-dev-ecs-backend-v1-mbbank-processor-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-mbbank-processor-task-role-cmc | Role::pgw-dev-ecs-backend-v1-merchant-service-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-merchant-service-task-role-cmc | Role::pgw-dev-ecs-backend-v1-momo-processor-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-momo-processor-task-role-cmc | Role::pgw-dev-ecs-backend-v1-napas-processor-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-napas-processor-task-role-cmc | Role::pgw-dev-ecs-backend-v1-payment-service-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-payment-service-task-role-cmc | Role::pgw-dev-ecs-backend-v1-pgw-core-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-pgw-core-task-role-cmc | Role::pgw-dev-ecs-backend-v1-scheduler-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-scheduler-task-role-cmc | Role::pgw-dev-ecs-backend-v1-zalopay-processor-task-execution-role-cmc | Role::pgw-dev-ecs-backend-v1-zalopay-processor-task-role-cmc | Role::pgw-dev-ecs-frontend-backoffice-task-execution-role | Role::pgw-dev-ecs-frontend-backoffice-task-role | Role::pgw-dev-ecs-frontend-gateway-core-task-execution-role | Role::pgw-dev-ecs-frontend-gateway-core-task-role | Role::pgw-dev-keyspaces-role | Role::pgw-dev-msk-connector-archiver-sink-connector-s3-role | Role::pipeline-cross-account | Role::SecretsManagerRDSPostgreS-SecretsManagerRDSPostgreS-EmjcCJ2iYcSd | Role::stacksets-exec-bb8cf4473e8495ef76fab8d8a00a5618
Recommendation
AWS Blog

FullAdminAccess

Security
Description
You have provided full Administrator access to 5 users, groups or roles. It is considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::aws-controltower-AdministratorExecutionRole | Role::AWSControlTowerExecution | Role::AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0 | Role::AWSReservedSSO_YoPayment-AWS-Admin-Pgw-Dev_999b53209cafbc21 | Role::stacksets-exec-bb8cf4473e8495ef76fab8d8a00a5618
Recommendation
AWS Docs
Organization GuardRail Blog

ManagedPolicyFullAccessOneServ

Security
Description
You have set a managed policy giving 5 users, groups and/or roles full access to one service. It is considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78 | Role::AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11 | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | Role::PyraCloudRole | Role::YoPayment-AWS-Terraform-Pgw-Dev
Recommendation
AWS Docs

InlinePolicyFullAccessOneServ

Security
Description
You have set an inline policy giving 4 users, groups and/or roles full access to one service. Consider switching to managed policies instead. It is also considered best practice to limit access by following the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users and roles need to do and then craft policies that allow them to perform only those tasks.
Resources
GLOBAL: Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | Role::AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b | Role::YoPayment-AWS-Terraform-Pgw-Dev
Recommendation
AWS Docs

enableCURReport

Cost Optimization
Description
Cost and Usage Reports (CUR) have not been set up in this account. Set up CUR for better cost analysis.
Resources
GLOBAL: Account::Config
Label
Cost Incurred
Recommendation
Creating Cost and Usage Reports

PartialEnableConfigService

Security
Description
Not all regions have Config enabled. The AWS Config service performs configuration management of supported AWS resources in your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items, and any configuration changes between resources.
Resources
GLOBAL: Account::Config
Label
Cost Incurred
Recommendation
Enable AWS Config

hasAlternateContact

Security
Description
Alternate account contacts help AWS get in contact with the appropriate personnel if needed. Configure the account’s alternate contacts to point to a group rather than an individual. For example, create separate email distribution lists for billing, operations, and security and configure these as Billing, Security, and Operations contacts in each active AWS account. This ensures that multiple people will receive AWS notifications and be able to respond, even if someone is on vacation, changes roles, or leaves the company.
Resources
GLOBAL: Account::Config
Recommendation
Alternate Contact

enableCostBudget

Cost Optimization
Description
AWS Budgets enable monitoring of monthly costs and usage with notifications when costs are forecasted to exceed target thresholds. Forecasted cost notifications can provide an indication of unexpected activity, providing extra defense in addition to other monitoring systems, such as AWS Trusted Advisor and Amazon GuardDuty. Monitoring and understanding your AWS costs is also part of good operational hygiene.
Resources
GLOBAL: Account::Config
Recommendation
Create a budget

passwordPolicyReuse

Security
Description
Your current password policy is not strong. Improving the strength of your password policy would improve the security of your account. Consider implementing best practices when setting the password policy. If you already configure as per your organization
Resources
GLOBAL: Account::Config
Recommendation
IAM Password Policy

supportPlanLowTier

Operation Excellence
Description
It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. For more information, refer to Compare AWS Support Plans. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster. AWS Business Support provides additional benefits including access to AWS Trusted Advisor and AWS Personal Health Dashboard and faster response times.
Resources
GLOBAL: Account::Config
Label
Cost Incurred
Recommendation
AWS Support Plan
Guide

Detail

GLOBAL

1. root_id

Check | Current Value | Recommendation
passwordLastChange90 | 336 | Rotate password
consoleLastAccess90 | 336 | Validate IAM user console access
rootMfaActive | Inactive | Enable MFA on root user

2. pgw-cassandra-user

Check | Current Value | Recommendation
userNotUsingGroup | - | Place IAM user within User Group
InlinePolicy | pgw-cassandra-policy | Use managed policies

3. yopayment-dev-ses-user

Check | Current Value | Recommendation
hasAccessKeyNoRotate90days | 225 | Rotate credentials regularly
userNoActivity90days | | Inactive user

4. aws-controltower-AdministratorExecutionRole

Check | Current Value | Recommendation
unusedRole | 494 days passed | Review & remove inactive roles
FullAdminAccess | AdministratorAccess | Limit permissions.

5. aws-controltower-ConfigRecorderRole

Check | Current Value | Recommendation
unusedRole | 494 days passed | Review & remove inactive roles

6. aws-controltower-ForwardSnsNotificationRole

Check | Current Value | Recommendation
InlinePolicy | sns | Use managed policies

7. aws-controltower-ReadOnlyExecutionRole

Check | Current Value | Recommendation
unusedRole | 494 days passed | Review & remove inactive roles

8. AWSControlTowerExecution

Check | Current Value | Recommendation
FullAdminAccess | AdministratorAccess | Limit permissions.

9. AWSControlTower_VPCFlowLogsRole

Check | Current Value | Recommendation
unusedRole | 494 days passed | Review & remove inactive roles

10. AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 485 days | Review & remove inactive roles
FullAdminAccess | AdministratorAccess | Limit permissions.

11. AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 494 days passed | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | AWSOrganizationsFullAccess | Limit permissions.

12. AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 494 days passed | Review & remove inactive roles
ManagedPolicyFullAccessOneServ | PowerUserAccess | Limit permissions.

13. AWSReservedSSO_AWSReadOnlyAccess_52218f0875a67871

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 494 days passed | Review & remove inactive roles

14. AWSReservedSSO_YoPayment-AWS-Admin-Pgw-Dev_999b53209cafbc21

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
FullAdminAccess | AdministratorAccess | Limit permissions.

15. AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 485 days passed | Review & remove inactive roles
InlinePolicy | AwsSSOInlinePolicy | Use managed policies
InlinePolicyFullAccessOneServ | AwsSSOInlinePolicy | Limit access in policy

16. AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
ManagedPolicyFullAccessOneServ | AmazonECS_FullAccess | Limit permissions.
InlinePolicy | AwsSSOInlinePolicy | Use managed policies
InlinePolicyFullAccessOneServ | AwsSSOInlinePolicy | Limit access in policy

17. AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
InlinePolicy | AwsSSOInlinePolicy | Use managed policies
InlinePolicyFullAccessOneServ | AwsSSOInlinePolicy | Limit access in policy

18. AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7

Check | Current Value | Recommendation
roleLongSession | 43200 | Review & reduce max session duration
unusedRole | 70 days | Review & remove inactive roles
InlinePolicy | AwsSSOInlinePolicy | Use managed policies

19. backend-pgw-core-pgw-dev-codedeploy-role

Check | Current Value | Recommendation
unusedRole | 306 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

20. backend-pgw-ipn-processor-pgw-dev-codedeploy-role

Check | Current Value | Recommendation
unusedRole | 307 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310442000000001 | Use managed policies

21. backend-v1-backoffice-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 36 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

22. backend-v1-epay-processor-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 194 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

23. backend-v1-mbbank-processor-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 194 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

24. backend-v1-merchant-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 162 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

25. backend-v1-momo-processor-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 217 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

26. backend-v1-napas-processor-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 181 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

27. backend-v1-payment-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 183 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

28. backend-v1-pgw-core-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 121 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

29. backend-v1-schedule-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 217 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

30. backend-v1-zalopay-processor-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 217 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

31. ec2-ssm-role

Check | Current Value | Recommendation
unusedRole | 408 days | Review & remove inactive roles

32. ecs-iam-service

Check | Current Value | Recommendation
unusedRole | 481 days | Review & remove inactive roles

33. ecsAutoscaleRole

Check | Current Value | Recommendation
unusedRole | 369 days passed | Review & remove inactive roles

34. ecsEventsRole

Check | Current Value | Recommendation
unusedRole | 370 days passed | Review & remove inactive roles

35. frontend-backoffice-pgw-dev-codedeploy-role

Check | Current Value | Recommendation
unusedRole | 36 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310452100000002 | Use managed policies

36. frontend-gateway-core-pgw-dev-codedeploy-role

Check | Current Value | Recommendation
unusedRole | 47 days | Review & remove inactive roles
InlinePolicy | terraform-20230905094310918000000004 | Use managed policies

37. managed-eks-admin-ec2-role

Check | Current Value | Recommendation
InlinePolicy | managed-eks-admin-ec2-policy | Use managed policies

38. managed-vpc-sg-flowlog-flowlog-role

Check | Current Value | Recommendation
InlinePolicy | managed-vpc-sg-flowlog-flowlog-policy | Use managed policies

39. pay1-wallet-aa-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-aa-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

40. pay1-wallet-backoffice-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-backoffice-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

41. pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 63 days | Review & remove inactive roles
InlinePolicy | terraform-pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

42. pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 121 days | Review & remove inactive roles
InlinePolicy | terraform-pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

43. pay1-wallet-ledger-core-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-ledger-core-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

44. pay1-wallet-notification-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-notification-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

45. pay1-wallet-pay1-id-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-pay1-id-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

46. pay1-wallet-payment-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-payment-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

47. pay1-wallet-sms-otp-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-sms-otp-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

48. pay1-wallet-wallet-backoffice-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-wallet-backoffice-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

49. pay1-wallet-wallet-command-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-wallet-command-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

50. pay1-wallet-wallet-query-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-wallet-query-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

51. pay1-wallet-wallet-service-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-wallet-service-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

52. pay1-wallet-wallet-sms-otp-pgw-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
InlinePolicy | terraform-pay1-wallet-wallet-sms-otp-pgw-dev-codedeploy-role-cmc-policy | Use managed policies

53. pgw-dev-backend-v1-pgw-core-dev-codedeploy-role-cmc

Check | Current Value | Recommendation
unusedRole | 316 days passed | Review & remove inactive roles
InlinePolicy | terraform-20230905094310731500000003 | Use managed policies

54. pgw-dev-ecs-backend-pgw-ipn-processor-task-execution-role

Check | Current Value | Recommendation
unusedRole | 307 days | Review & remove inactive roles

55. pgw-dev-ecs-backend-pgw-ipn-processor-task-role

Check | Current Value | Recommendation
unusedRole | 307 days | Review & remove inactive roles

56. pgw-dev-ecs-backend-v1-backoffice-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

57. pgw-dev-ecs-backend-v1-backoffice-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

58. pgw-dev-ecs-backend-v1-epay-processor-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

59. pgw-dev-ecs-backend-v1-epay-processor-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

60. pgw-dev-ecs-backend-v1-mbbank-processor-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

61. pgw-dev-ecs-backend-v1-mbbank-processor-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

62. pgw-dev-ecs-backend-v1-merchant-service-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

63. pgw-dev-ecs-backend-v1-merchant-service-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

64. pgw-dev-ecs-backend-v1-momo-processor-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

65. pgw-dev-ecs-backend-v1-momo-processor-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

66. pgw-dev-ecs-backend-v1-napas-processor-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

67. pgw-dev-ecs-backend-v1-napas-processor-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

68. pgw-dev-ecs-backend-v1-payment-service-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

69. pgw-dev-ecs-backend-v1-payment-service-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

70. pgw-dev-ecs-backend-v1-pgw-core-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

71. pgw-dev-ecs-backend-v1-pgw-core-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

72. pgw-dev-ecs-backend-v1-scheduler-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

73. pgw-dev-ecs-backend-v1-scheduler-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

74. pgw-dev-ecs-backend-v1-zalopay-processor-task-execution-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

75. pgw-dev-ecs-backend-v1-zalopay-processor-task-role-cmc

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

76. pgw-dev-ecs-frontend-backoffice-task-execution-role

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

77. pgw-dev-ecs-frontend-backoffice-task-role

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

78. pgw-dev-ecs-frontend-gateway-core-task-execution-role

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

79. pgw-dev-ecs-frontend-gateway-core-task-role

Check | Current Value | Recommendation
unusedRole | 134 days | Review & remove inactive roles

80. pgw-dev-keyspaces-role

Check | Current Value | Recommendation
unusedRole | 138 days passed | Review & remove inactive roles

81. pgw-dev-msk-connector-archiver-sink-connector-s3-role

Check | Current Value | Recommendation
unusedRole | 365 days | Review & remove inactive roles

82. pipeline-cross-account

Check | Current Value | Recommendation
unusedRole | 489 days passed | Review & remove inactive roles
InlinePolicy | pipeline-cross-account-policy | Use managed policies

83. PyraCloudRole

Check | Current Value | Recommendation
ManagedPolicyFullAccessOneServ | PyraCloudReadOnlyPolicy | Limit permissions.
InlinePolicy | root | Use managed policies

84. SecretsManagerRDSPostgreS-SecretsManagerRDSPostgreS-EmjcCJ2iYcSd

Check | Current Value | Recommendation
unusedRole | 351 days | Review & remove inactive roles
InlinePolicy | SecretsManagerRDSPostgreSQLRotationMultiUserRolePolicy1, SecretsManagerRDSPostgreSQLRotationMultiUserRolePolicy2, SecretsManagerRDSPostgreSQLRotationMultiUserRolePolicy3, SecretsManagerRDSPostgreSQLRotationMultiUserRolePolicy4 | Use managed policies

85. stacksets-exec-bb8cf4473e8495ef76fab8d8a00a5618

Check | Current Value | Recommendation
unusedRole | 299 days | Review & remove inactive roles
FullAdminAccess | AdministratorAccess | Limit permissions.

86. YoPayment-AWS-Terraform-Pgw-Dev

Check | Current Value | Recommendation
ManagedPolicyFullAccessOneServ | YoPayment-AWS-Terraform-Pgw-Dev | Limit permissions.
InlinePolicy | YoPayment-AWS-Terraform-Pgw-Dev-extra-policy, YoPayment-AWS-Terraform-Pgw-Dev-init | Use managed policies
InlinePolicyFullAccessOneServ | YoPayment-AWS-Terraform-Pgw-Dev-extra-policy | Limit access in policy

87. Config

Check | Current Value | Recommendation
enableCURReport | | Setup Cost and Usage Report
PartialEnableConfigService | | Enable AWS Config
hasAlternateContact | No alternate contacts | Configure AWS account contacts
enableCostBudget | | Monitor your AWS spending
passwordPolicyReuse | 16 | Set a stronger password policy
supportPlanLowTier | | Subscribe to the AWS Business Support tier (or higher)