Security Assessment

Step 1: Gather context

Ask the user:

What workload or AWS environment would you like me to assess for security? Please share:

• Workload name and code packages/directories to analyze
• Compliance requirements (SOC2, HIPAA, PCI-DSS, FedRAMP, GDPR, etc.)
• Known concerns (optional)

If context is already provided or you are in a codebase with IaC, proceed directly.

Step 2: Identity and Access Management Discovery

Analyze all IAM configurations in the codebase.