Account Has No IAM Users 🔴🟠 | 1 | 🔴 x3, 🟠 x5 |
Account Root User has active access keys 🟢 | 1 | 🟢 x6 |
Account Root User Hardware MFA is not enabled. 🟢 | | 🟢 x3 |
Account Root User MFA is not enabled. 🟢 | 1 | 🟢 x6 |
AWS IAM User is not managed centrally in multi-account environments 🟢 | | 🟢 x3 |
AWSCloudShellFullAccess Policy is attached 🟢 | 1 | 🟢 x6 |
IAM Role Unused 🟢 | 1 | 🟢 x6 |
Policy (Customer Managed) Contains Potential Credentials Exposure 🔴🟠 | 1 | 🔴 x3, 🟠 x5 |
Policy allows full administrative privileges 🟢 | 1 | 🟢 x6 |
Root User credentials were used in the last 30 days 🔴🟢 | 1 | 🔴 x1, 🟢 x6 |
Server Certificate is expired 🟢 | 1 | 🟢 x6 |
User Access Keys are not rotated every 90 days or less 🟢 | 1 | 🟢 x6 |
User has inline or directly attached policies 🟢 | 1 | 🟠 x1, 🟢 x5 |
User has more than one active access key 🟢 | 1 | 🟢 x6 |
User MFA is not enabled for all users with console password 🟢 | 1 | 🟢 x6 |
User with console and programmatic access set during the initial creation 🟢 | | 🟢 x3 |
User with credentials unused for 45 days or more is not disabled 🟢 | 1 | 🟢 x6 |