Identity & Access Audit

IAMRoleHunter

Engine: 1.2.0-GlobalGhost

NON-COMPLIANT DETECTED

1. Projected Breach Exposure

Risk Exposure (USD)

$42,500.00

Potential Breach Cost

Risk Status

CRITICAL

Action Required

Compliance Status

SOC2/ISO27001
FAILED

IAM

Identity Hygiene Scan Coverage

  • IAM Users: 42
  • Admin Accounts: 12
  • Service Roles: 85
  • Trust Violations: 15

"Conclusion: The infrastructure presents high-gravity entry points. Publicly assumable roles and missing MFA on administrative accounts create a direct path to total account takeover."

2. Identity Forensics: Critical Findings

Threat Type     | Identity / Resource             | Exposure Level | Proj. Impact
PUBLIC_TRUST    | Role: cross-account-migration   | CRITICAL       | $12,500.00
MISSING_MFA     | User: godmode-admin             | CRITICAL       | $2,500.00
STALE_KEY       | User: deploy-svc (412 days)     | HIGH           | $750.00
PRIVILEGE_ABUSE | User: temp-dev-junior           | CRITICAL       | $2,500.00

[!] FORENSIC ALERT: Multiple keys found in GitHub public repositories matching User: 'deploy-svc'. Rotating these keys is a non-negotiable priority to avoid lateral movement.

3. Identity Hardening Protocol

Immediate Response (0-24h)
  • [ ] Enforce MFA on all AdministratorAccess users.
  • [ ] Revoke Public Principal (*) from Trust Policies.
  • [ ] Invalidate Access Keys older than 90 days.
Governance (Long-term)
  • [ ] Migrate from IAM Users to IAM Identity Center (SSO).
  • [ ] Implement Service Control Policies (SCPs) to block regions.
  • [ ] Automate Key Rotation via Lambda/Secrets Manager.

Secure Your Identity Layer

HARDEN THE ENVIRONMENT IMMEDIATELY

Includes: IAM Policy Hardening Generator // MFA Enforcement Scripts // SOC2 Compliance Checklist