If you're running multiple AWS accounts, you probably have hundreds of IAM roles with trust policies you've never audited. I built MII to solve this.
What it does:
Scans all IAM roles across your AWS accounts (read-only, uses IAMReadOnlyAccess)
Parses trust policies to find OIDC federations, cross-account trust, wildcard principals
Builds a graph of "who can assume whom"
Scores every role based on risk factors (admin access + OIDC = critical)
Simulates attack paths through the trust chain
Supports AWS Organizations for auto-discovering all accounts
Findings it catches:
OIDC role with AdministratorAccess (any CI/CD pipeline = full admin)
Cross-account trust without ExternalId (confused deputy)
Wildcard principals in trust policies (any AWS identity worldwide can assume the role)
Unused roles with active trust policies (dormant backdoors)
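As an added illustration of the trust-policy checks listed above (example code, not MII's own), the function below parses an IAM trust policy document and flags wildcard principals, cross-account trust lacking an sts:ExternalId condition, and OIDC federation, rating OIDC plus AdministratorAccess as critical. The role names, account ids, helper functions and sample policies are constructed for the example.

```python
import json
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
def _as_list(value):  # IAM policy JSON allows a single string or a list in most positions
    return value if isinstance(value, list) else [value]
def _account_of(principal):  # "arn:aws:iam::123456789012:root" or bare id -> account id
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 and parts[4] else None
def _has_external_id(condition):  # any operator block naming sts:ExternalId counts
    return any(k.lower() == "sts:externalid" for block in condition.values() for k in block)
def audit_role(trust_doc, attached_policies, own_account):
    """Return (finding, severity) pairs for one role's trust policy document."""
    doc = json.loads(trust_doc) if isinstance(trust_doc, str) else trust_doc
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if principal == "*":                      # shorthand for {"AWS": "*"}
            principal = {"AWS": "*"}
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        condition = stmt.get("Condition", {})
        for aws in _as_list(principal.get("AWS", [])):
            if aws == "*":                        # any AWS identity may call AssumeRole
                findings.append(("WILDCARD_PRINCIPAL", "critical"))
            elif _account_of(aws) not in (None, own_account) and not _has_external_id(condition):
                findings.append(("CROSS_ACCOUNT_NO_EXTERNAL_ID", "high"))  # confused deputy
        for fed in _as_list(principal.get("Federated", [])):
            if ":oidc-provider/" in fed:          # web-identity federation, e.g. a CI/CD provider
                severity = "critical" if ADMIN_POLICY in attached_policies else "medium"
                findings.append(("OIDC_FEDERATION", severity))
    return findings

def _trust(principal, action="sts:AssumeRole", condition=None):  # builds a one-statement trust doc
    stmt = {"Effect": "Allow", "Action": action, "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample roles with fake account ids: (trust policy, attached managed policy ARNs)
SAMPLE_ROLES = {
    "ci-deploy": (_trust({"Federated": "arn:aws:iam::111111111111:oidc-provider/token.actions.githubusercontent.com"}, action="sts:AssumeRoleWithWebIdentity"), [ADMIN_POLICY]),
    "partner-open": (_trust({"AWS": "222222222222"}), []),
    "partner-ok": (_trust({"AWS": "arn:aws:iam::222222222222:root"}, condition={"StringEquals": {"sts:ExternalId": "partner-shared-secret"}}), []),
    "legacy": (_trust("*"), []),
}

def audit_all(roles, own_account="111111111111"):  # own_account is the scanning account
    return {name: audit_role(doc, policies, own_account) for name, (doc, policies) in roles.items()}
```

Running audit_all(SAMPLE_ROLES) reports a critical OIDC finding for ci-deploy, a high confused-deputy finding for partner-open, a critical wildcard for legacy, and nothing for partner-ok.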
Self-hosted, MIT licensed, Docker Compose to get started in 5 minutes.