AWS Start IAM Policy Generation : Given a region, a CloudTrail ARN (where the logs are being recorded), a reference IAM ARN (whose usage we will parse), and a Service role, this will begin the generation of a IAM policy. The output is a String of the generation Id.

AWS Attach New Policy to User: AWS Attach New Policy to User

AWS Create IAM Policy: Given an AWS policy (as a string), and the name for the policy, this will create an IAM policy.

AWS Create Access Key: Create a new Access Key for the User

Create New IAM User: Create New IAM User

Create Login profile for IAM User: Create Login profile for IAM User

AWS Delete Access Key: Delete an Access Key for a User

AWS Get Generated Policy: Given a Region and the ID of a policy generation job, this Action will return the policy (once it has been completed).

AWS Get IAM Users with Old Access Keys: This Lego collects the access keys that have never been used or the access keys that have been used but are older than the threshold.

AWS List Access Key: List all Access Keys for the User

AWS List All IAM Users: List all AWS IAM Users

AWS List Attached User Policies: AWS List Attached User Policies

AWS List Expiring Access Keys: List Expiring IAM User Access Keys

AWS List IAM Users With Old Passwords: This Lego filter gets all the IAM users' login profiles, and if the login profile is available, checks for the last password change if the password is greater than the given threshold, and lists those users.

AWS Update Access Key: Update status of the Access Key