The recommended role grants read-only discovery permissions and does not allow resource modification.
Security Model
Customer-controlled, read-only AWS discovery.
AgentOpsMind is designed for evidence collection and reporting. Customers own the AWS role and can revoke access at any time.
Customers receive portals and PDFs. AutoMyx operates and controls the product engine.
The scanner does not intentionally collect S3 object contents, database data, secret values, or private keys.
Cross-account access uses a unique external ID for each customer.
Each scheduled scan can preserve a monthly snapshot and PDF pack.
The customer can remove the role trust relationship or delete the role at any time.