I came across this tool https://github.com/nccgroup/Scout2 and thought I’d give it a try out.
First, I created a new user in my AWS environment and applied the
SecurityAudit roles to it.
Then I decided to run the script in a Docker container. I’ve included instructions here in case you want to do the same.
The end result is a very useful static HTML report. Of course, it flagged some false positives, but is a good data point on how the environment is set up.