The AWS plugin discovers cloud resources across S3, IAM, and EC2 using a single read-only IAM role on each account. It registers 3 services, 6 resources, and 47 methods, covering full DAG traversal from VPCs down to access keys.
- Pull-only. No inbound network from AWS to Linro; the sensor polls + streams resources columnar-style over its existing relay channel.
- Multi-account aware. Hand it a role-trust chain across your org and it discovers the full account tree.
- Real-time event processing. EventBridge → SQS feed surfaces resource changes within seconds of an API write.