iam

• There are still mentions of a triage worksheet. "Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet. It can scan all the policies in your AWS account or it can scan a single policy file." The worksheet is mentioned several times.
• As shown in the above, there is no mention of multiple AWS accounts
• The GIF st

#22 introduced a feature to guess actions that are similar to an existing policy. It currently doesn't support all actions.

Here's things I currently know are missing (comment if you find more):

• KMS: Encrypt, Decrypt, GenerateDataKey, ...
• ECR: BatchDeleteImage, BatchGetImage, ...
• *Deregister*
• *Modify*
• *Remove*
• API Gateway: (DELETE,

running airiam recommend_groups, in MAC gives this error

`INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
Reusing local data
INFO:root:Analyzing data for account 051349106950
INFO:root:Using the default UserOrganizer
Traceback (most recent call last):
File "/usr/local/bin/airiam", line 5, in
run()
File "/usr/local/Cellar/airiam/

Usually, we probably want to copy the output of the conversion back into our IDE. Explore what we can do to make this easier.

One idea would be to use the toolbar and copy-to-clipboard Prism plugins for this

After creating a custom login policy, the active identity providers are still listed from default. Same ist for MFA and 2FA, ...

From the screenshots below, you can see that the new policy is loaded after creation and reset. But only the policy itself and not the identity providers and factors:
![image](https://user-images.githubusercontent.com/9405495/143998582-86d03161-287f-4448-b0e4-feca882