Last Updated: November 21, 2025
Audit Areas
| Check | Command |
|---|---|
Findings
|
aws securityhub get-findings --filters SeverityLabel=HIGH |
IAM exposure
|
aws iam get-account-summary | grep User |
CloudTrail trails
|
aws cloudtrail describe-trails |
GuardDuty
|
aws guardduty get-findings --detector-id
|
Useful CLI Snippets
aws securityhub get-insights --insight-arns
List curated insights to focus your attention.
aws securityhub batch-update-findings --finding-identifiers ... --note text=...
Add human context when triaging findings.
aws iam list-attached-role-policies --role-name
Verify least privilege before granting new rights.
aws s3api get-bucket-versioning --bucket audit-logs
Ensure audit trails retain historical data.
Summary
Automate Security Hub, GuardDuty, and IAM queries so you can rotate audit dashboards without missing high-severity signals.
💡 Pro Tip:
Filter Security Hub findings down to your severity levels before scripting dashboards.