cartography
AWS IAM list_service_specific_credentials
Description
Describe your idea. Please be detailed. If a feature request, please describe the desired behavior, what scenario it enables, and how it would be used.
AWS IAM users can have static credentials associated with them that are tied to a specific AWS service, e.g. Bedrock. We should audit these in Cartography.
Motivation
Why is this feature needed? What problem does it solve or opportunity does it unlock?
This would let us gain visibility on static credentials. IAM user access keys are a security antipattern, so every org should monitor these credentials.
Alternatives Considered
List other approaches or ideas considered, and why they were not chosen.
N/A
Relevant Links
Any extra documentation required to understand the issue.
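
A sketch of the audit requested above, added here as an example; it is not part of the original issue and is not Cartography's code. It calls the IAM `list_service_specific_credentials` API once per user and flags active credentials past an age threshold. The function names, `StubIAM`, and the sample users and credential IDs are assumptions constructed so it runs offline; pass `boto3.client("iam")` instead of the stub to run it against a real account.

```python
from datetime import datetime, timezone

def collect_service_specific_credentials(iam, now=None):
    """One flat record per service-specific credential, across all IAM users.

    `iam` is a boto3 IAM client, or any object exposing the same two calls.
    """
    now = now or datetime.now(timezone.utc)
    records = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            resp = iam.list_service_specific_credentials(UserName=user["UserName"])
            for cred in resp.get("ServiceSpecificCredentials", []):
                records.append({
                    "id": cred["ServiceSpecificCredentialId"],
                    "user_arn": user["Arn"],
                    "service_name": cred["ServiceName"],
                    "status": cred["Status"],
                    "age_days": (now - cred["CreateDate"]).days,
                })
    return records

def active_older_than(records, max_age_days):
    """Credentials that are still usable and past the rotation threshold."""
    return [r for r in records
            if r["status"] == "Active" and r["age_days"] > max_age_days]

class StubIAM:
    """Offline stand-in for boto3.client("iam"); feeds constructed data."""
    def __init__(self, users, creds):
        self.users, self.creds = users, creds
    def get_paginator(self, operation):
        return self
    def paginate(self):
        yield {"Users": self.users[:1]}   # two pages, to exercise pagination
        yield {"Users": self.users[1:]}
    def list_service_specific_credentials(self, UserName):
        return {"ServiceSpecificCredentials": self.creds.get(UserName, [])}

def _cred(cred_id, service, status, created):
    return {"ServiceSpecificCredentialId": cred_id, "ServiceName": service,
            "Status": status, "CreateDate": created}

UTC = timezone.utc
NOW = datetime(2025, 6, 1, tzinfo=UTC)  # fixed clock so ages are reproducible
SAMPLE = StubIAM(  # constructed users and credentials, not real account data
    users=[{"UserName": n, "Arn": f"arn:aws:iam::111122223333:user/{n}"}
           for n in ("alice", "bob", "carol")],
    creds={"alice": [_cred("EXAMPLE-ID-1", "bedrock.amazonaws.com", "Active", datetime(2025, 1, 1, tzinfo=UTC))],
           "bob": [_cred("EXAMPLE-ID-2", "codecommit.amazonaws.com", "Active", datetime(2025, 5, 20, tzinfo=UTC)),
                   _cred("EXAMPLE-ID-3", "codecommit.amazonaws.com", "Inactive", datetime(2024, 1, 1, tzinfo=UTC))]})
```

The flat records carry the user ARN so each credential can be attached to its owning IAM user node in a graph.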