RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Home Page: https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/

Unable to run run iam__enum_permissions

ikspozd opened this issue · comments

Hello,

I'm unable to run the iam__enum_permissions command using the default AWS ReadOnlyAccess policy. However, I noticed the Pacu iam__enum_permissions Python script calls the following:

# list-groups-for-user
# list-user-policies
# list-group-policies
# list-role-policies
# list-attached-role-policies
# list-attached-group-policies
# list-attached-user-policies
# get-policy
# get-policy-version
# get-user-policy
# get-group-policy
# get-role-policy

In theory, all these List and Get permissions are allowed using the ReadOnlyAccess policy. Not sure why it doesn't work?

The error reads "No users found" and "FAILURE: MISSING NEEDED PERMISSIONS".
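The question above comes down to whether the effective policy set grants every IAM Get/List call the module makes. The following is an added example (not pacu's code and not a real AWS managed policy): a small evaluator that takes constructed policy documents, resolves the listed actions with IAM's wildcard and explicit-deny semantics, and reports which calls would be missing. Resource and Condition elements are ignored, which is adequate for the IAM read calls in question.

```python
"""Check whether a set of IAM policy statements grants the API actions
that the pacu iam__enum_permissions module calls (added example)."""
import fnmatch

# The IAM calls listed in the issue, written as IAM action names.
REQUIRED_ACTIONS = [
    "iam:ListGroupsForUser", "iam:ListUserPolicies", "iam:ListGroupPolicies",
    "iam:ListRolePolicies", "iam:ListAttachedRolePolicies",
    "iam:ListAttachedGroupPolicies", "iam:ListAttachedUserPolicies",
    "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetUserPolicy",
    "iam:GetGroupPolicy", "iam:GetRolePolicy",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive and support '*' and '?'.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def evaluate_action(statements, action):
    """Return 'allow', 'deny' or 'implicit_deny' for one action.
    Only Effect plus Action/NotAction are considered; Resource and
    Condition are ignored (fine for account-wide IAM Get*/List* calls)."""
    allowed = False
    for stmt in statements:
        if "Action" in stmt:
            hit = any(_matches(p, action) for p in _as_list(stmt["Action"]))
        else:
            hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"  # an explicit deny overrides every allow
        allowed = True
    return "allow" if allowed else "implicit_deny"

def missing_actions(policies, required=REQUIRED_ACTIONS):
    """Actions from `required` that the combined policies do not allow."""
    statements = [s for p in policies for s in _as_list(p["Statement"])]
    return [a for a in required if evaluate_action(statements, a) != "allow"]

# Constructed stand-in for a read-only grant (not the real managed policy).
READ_ONLY_LIKE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}]}
# Constructed deny, e.g. from an SCP or boundary, that would explain a
# "MISSING NEEDED PERMISSIONS" result despite ReadOnlyAccess being attached.
DENY_POLICY_READS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "iam:GetPolicy*", "Resource": "*"}]}
```

Running `missing_actions([READ_ONLY_LIKE])` returns an empty list, while adding `DENY_POLICY_READS` reports the two GetPolicy calls as missing, which is the kind of layered deny worth checking when the module fails under a policy that looks sufficient on paper.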

Hi @ikspozd, I have tried to reproduce this by setting up a user with only the ReadOnlyAccess attached to it and running
run iam__enum_permissions --all-users --all-roles
But I do not see the issue, it runs as expected.

Let me know if you are still having this issue. Without more information on your environment and specific setup I am not sure what is going on.

Going to close this for now, feel free to reopen with more information if you feel there is still an issue here.