Cloud Asset Inventory: querying the asset graph

We currently support AWS only. Azure and GCP are coming soon.

How to use

Query your cloud inventory on the Assets tab by describing what you are looking for in natural language and let the system work out how to find the relevant assets. Some examples follow, grouped by topic, each with a note on why the query matters.

Simple prompts

  • "public s3 buckets": Public S3 buckets are frequently misconfigured and can lead to data exposure or leaks. A bucket can become public in several ways (a bucket policy with a wildcard principal, an ACL granting access to AllUsers or AuthenticatedUsers, or Block Public Access disabled at the bucket or account level), so checking a single setting is not enough.

  • "buckets outside eu": Helps enforce data residency requirements (e.g., GDPR) by listing buckets whose region is outside the allowed set.

  • "users without mfa": IAM users without multi-factor authentication can be taken over with a stolen password alone.

  • "users with programmatic access": Identifies users that hold access keys. These are long-lived credentials and a common target for attackers, since they leak through code, CI logs and developer machines.

  • "databases without deletion protection": Finds databases where deletion protection is disabled, so an accidental or malicious delete call would succeed.
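The "public s3 buckets" prompt has to consider all three mechanisms mentioned above at once. The following is an added example of that evaluation, not Aikido's own code: it takes bucket descriptions shaped like the boto3 get_public_access_block, get_bucket_acl and get_bucket_policy responses (merged into one dict per bucket, with account-level Block Public Access assumed to be folded into the same configuration), and reports why each bucket is public. The sample buckets are constructed.

```python
"""Decide whether an S3 bucket is public via any of: bucket policy, ACL, or the
absence of Block Public Access. Input shapes mirror boto3's get_public_access_block,
get_bucket_acl and get_bucket_policy responses; the sample buckets are constructed."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _wildcard_principal(principal):
    # Public principals appear as "*" or {"AWS": "*"} (possibly inside a list).
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_reasons(bucket):
    """Return the reasons a bucket is public; an empty list means it is not."""
    reasons = []
    bpa = bucket.get("PublicAccessBlockConfiguration", {})

    # IgnorePublicAcls neutralises existing public ACL grants, so only count them
    # when it is off (BlockPublicAcls merely rejects *new* public grants).
    if not bpa.get("IgnorePublicAcls", False):
        for grant in bucket.get("Grants", []):
            grantee = grant.get("Grantee", {})
            if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
                group = grantee["URI"].rsplit("/", 1)[-1]
                reasons.append(f"ACL grants {grant['Permission']} to {group}")

    # RestrictPublicBuckets limits a public bucket policy to principals inside the
    # account, so a wildcard-principal Allow is only public when it is off.
    policy = bucket.get("Policy")
    if policy and not bpa.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy)["Statement"]):
            if stmt.get("Effect") == "Allow" and _wildcard_principal(stmt.get("Principal")):
                note = " (conditional, review the Condition block)" if "Condition" in stmt else ""
                reasons.append(f"bucket policy allows {_as_list(stmt['Action'])} to everyone{note}")
    return reasons


def find_public_buckets(buckets):
    """Map bucket name -> reasons, for every bucket that is public by any mechanism."""
    found = {name: public_reasons(b) for name, b in buckets.items()}
    return {name: reasons for name, reasons in found.items() if reasons}


def public_read_policy(bucket_name):
    # Constructed policy document in the form get_bucket_policy returns it (a JSON string).
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{bucket_name}/*"}]})


# Constructed sample inventory: one bucket per mechanism, one neutralised by BPA, one private.
SAMPLE_BUCKETS = {
    "marketing-site": {"Policy": public_read_policy("marketing-site")},
    "legacy-uploads": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                                   "Permission": "READ"}]},
    "bpa-protected": {"Policy": public_read_policy("bpa-protected"),
                      "PublicAccessBlockConfiguration": {"RestrictPublicBuckets": True,
                                                         "IgnorePublicAcls": True}},
    "billing-archive": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                                    "Permission": "FULL_CONTROL"}]},
}

if __name__ == "__main__":
    for name, reasons in find_public_buckets(SAMPLE_BUCKETS).items():
        print(name, "->", "; ".join(reasons))
```

The point of the BPA checks is that a bucket with a wildcard policy is not public when RestrictPublicBuckets is on, and a bucket with an AllUsers ACL grant is not public when IgnorePublicAcls is on; a scanner that only greps bucket policies for "Principal": "*" gets both cases wrong. Statements with a Condition block are flagged rather than ignored, because some conditions (for example an aws:SourceIp range) still leave the bucket effectively public.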

Networking prompts

  • "EC2 instances with open management ports": Management ports such as SSH (22) and RDP (3389) reachable from 0.0.0.0/0 or ::/0 are a primary entry point for brute-force and unauthorized access.

  • "RDS databases allowing traffic from ec2 instances": Surfaces security-group trust relationships between the compute and data tiers; these are the lateral movement paths an attacker on a compromised instance would use.

  • "Lambda functions not running in VPCs": Functions not attached to a VPC have unrestricted outbound internet access and are not subject to security groups or network ACLs, so their egress cannot be constrained or inspected.

  • "ec2 instances that might host databases": Helps identify self-managed data stores running on instances that may need additional protection or monitoring, even though they are not labeled as databases.

  • "lambdas with access to VPC endpoints": Functions with VPC access can reach internal services and databases through VPC endpoints; if such a function is compromised, that reach becomes the attacker's.

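The "EC2 instances with open management ports" prompt sounds like a simple port lookup, but the check has to account for protocol "-1" (all traffic), port ranges that happen to include 22 or 3389, and IPv6 catch-all sources. The following is an added example of that logic, not Aikido's own code: it takes security groups and instances shaped like boto3 describe_security_groups and describe_instances output and joins them by GroupId. The port list, group and instance data are constructed.

```python
"""Flag EC2 instances whose security groups expose management ports to the internet.
Rule shapes follow boto3 describe_security_groups()['SecurityGroups'][i]['IpPermissions'];
the groups and instances below are constructed."""

MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-HTTPS"}
INTERNET = {"0.0.0.0/0", "::/0"}


def _port_range(rule):
    # IpProtocol "-1" means all traffic; FromPort/ToPort are absent in that case.
    if rule.get("IpProtocol") == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def _internet_sources(rule):
    # Both IPv4 and IPv6 catch-all ranges count; a private or corporate CIDR does not.
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", []) if r.get("CidrIp") in INTERNET]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []) if r.get("CidrIpv6") in INTERNET]
    return v4 + v6


def open_management_ports(group):
    """Sorted (port, name, source_cidr) tuples for each management port the group opens to the internet."""
    findings = set()
    for rule in group.get("IpPermissions", []):
        if rule.get("IpProtocol") not in ("tcp", "-1"):
            continue
        low, high = _port_range(rule)
        for cidr in _internet_sources(rule):
            for port, name in MANAGEMENT_PORTS.items():
                if low <= port <= high:      # a range such as 20-25 or 0-65535 still exposes 22
                    findings.add((port, name, cidr))
    return sorted(findings)


def instances_with_open_management_ports(instances, groups):
    """Map instance id -> findings, joining instances to their security groups by GroupId."""
    by_id = {g["GroupId"]: g for g in groups}
    result = {}
    for inst in instances:
        findings = set()
        for sg in inst.get("SecurityGroups", []):
            findings.update(open_management_ports(by_id[sg["GroupId"]]))
        if findings:
            result[inst["InstanceId"]] = sorted(findings)
    return result


def _tcp(from_port, to_port, *cidrs):
    # Helper to build a constructed TCP ingress rule in describe_security_groups shape.
    return {"IpProtocol": "tcp", "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c]}


SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "IpPermissions": [_tcp(22, 22, "0.0.0.0/0", "10.0.0.0/8")]},
    {"GroupId": "sg-web", "IpPermissions": [_tcp(443, 443, "0.0.0.0/0")]},
    {"GroupId": "sg-legacy-ftp", "IpPermissions": [_tcp(20, 25, "0.0.0.0/0")]},  # range hides SSH
    {"GroupId": "sg-allopen", "IpPermissions": [{"IpProtocol": "-1",
                                                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0bastion", "SecurityGroups": [{"GroupId": "sg-bastion"}]},
    {"InstanceId": "i-0web", "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-0legacy", "SecurityGroups": [{"GroupId": "sg-legacy-ftp"}, {"GroupId": "sg-web"}]},
    {"InstanceId": "i-0wideopen", "SecurityGroups": [{"GroupId": "sg-allopen"}]},
]

if __name__ == "__main__":
    for instance, findings in instances_with_open_management_ports(SAMPLE_INSTANCES, SAMPLE_GROUPS).items():
        print(instance, findings)
```

The two cases a naive "FromPort == 22" check misses are sg-legacy-ftp, where a 20-25 range opened for FTP quietly includes SSH, and sg-allopen, where protocol "-1" carries no port fields at all and the source is the IPv6 catch-all rather than 0.0.0.0/0.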

IAM prompts

  • "ec2 instances with access to s3 buckets": Detects possible data exfiltration paths via overly permissive instance profile roles.

  • "lambdas that can create users": Functions allowed to call iam:CreateUser can be abused for persistence or privilege escalation.

  • "iam roles accessible from other accounts": Roles whose trust policy admits principals from other AWS accounts widen your attack surface and are often unmonitored.

  • "users with admin privileges": Overprivileged users are a primary cause of security misconfigurations and a high-value target, since one compromised credential yields full control.

  • "overprivileged IAM roles": Detects roles whose permissions exceed what least privilege requires.


CVEs/EOL issues

  • "ec2 instances vulnerable to CVE-2025-21613": Allows targeted remediation of a known, high-risk vulnerability across your instances.

  • "ec2 instances running outdated OS": End-of-life operating systems no longer receive security patches, increasing risk.

  • "VMs with outdated python": Outdated runtimes carry known vulnerabilities and may be incompatible with current security libraries.

  • "VM with critical vulnerabilities": Prioritizes remediation of the VMs whose findings have the highest severity.

  • "ec2 instances vulnerable to log4shell": Naming a specific, widely exploited vulnerability lets you confirm that every affected instance has been patched.


Advanced: combine them

  • "show me public ec2 instances vulnerable to CVE-2025-21613 with access to s3 buckets": Models an end-to-end attack chain: public exposure, a vulnerability, and access to sensitive data.

  • "lambda functions created manually": Manual provisioning (outside infrastructure as code) can bypass IaC guardrails and compliance checks.

  • "functions exposed to the internet with admin permissions": Serverless resources with admin rights and internet exposure can be abused for privilege escalation and data exfiltration.

  • "my riskiest datastores": Lets Aikido surface the highest-risk data assets based on exposure, vulnerability, and privilege, for prioritized protection.

Prompting Best Practices

  • Describe anything: There are no predefined prompts, terms, or rules to follow. Describe anything you want to see in your cloud environment, and Aikido works out what to search for and generates the queries.

  • Use single keywords for broad discovery: Enter a single keyword, and Aikido runs a broad text search across your assets. For example, searching for a user's name returns:

    • that user,
    • any groups they belong to,
    • assets where their name appears in tags,
    • and policies that mention them.

Tip: Use key terms like usernames, instance names, or tag values to quickly find relevant assets and permissions. For example, typing alice might show you her user profile, the groups she is in, EC2 instances tagged with her name, and IAM policies that mention her, all in one search.

How It Works (Extended)

After you connect your cloud environments, Aikido automatically builds an asset inventory, giving you visibility across your accounts and regions. Aikido synchronizes the inventory as part of the cloud scans (scheduled and manually triggered) by calling the cloud provider's APIs. Additionally, it enriches the graph with data from the Aikido platform, such as vulnerabilities and end-of-life issues found on virtual machines and containers.

You can access the cloud asset inventory by going to Clouds -> Assets tab. This shows you the assets from all your connected clouds. Alternatively, navigate to a specific cloud; its Assets tab shows only the assets from that cloud.

Natural language search example

To query your cloud inventory, you describe what you want in natural language and let the system work out how to find the relevant assets. Aikido translates the prompt into one or more steps, depending on its complexity, and shows you the intermediate results as it executes each step towards the final result.

In the example above, for the prompt "show me EC2 instances with access to S3 buckets", Aikido looked for EC2 instances with IAM roles (attached through instance profiles), found the IAM roles with access to S3 buckets (whether granted through inline or attached policies), found the bucket policies granting access to IAM roles, and combined these in the final result. Both directions matter: a role can reach a bucket through its own identity policies or through the bucket's resource policy, so neither check on its own is complete.

You can see a summary of each step by clicking the Explain Result button in the top right; for the prompt above it lists each of these steps together with its intermediate results.
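The walk described above, as an added example that is not Aikido's implementation: a small in-memory asset graph (constructed, with shapes borrowed from boto3's describe_instances, get_instance_profile, get_role_policy / get_policy_version and get_bucket_policy responses) is traversed from instance to instance profile to role to policies, and each bucket is then tested against the role's identity policies and against the bucket's own policy. The account ID 123456789012 and all instance, role and bucket names are placeholders. As a simplification, Deny statements are honoured in identity policies but not in bucket policies.

```python
"""Resolve "ec2 instances with access to s3 buckets" over an in-memory asset graph:
instance -> instance profile -> role -> inline/attached policies, then bucket policies.
The graph is constructed; shapes follow boto3 describe_instances, get_instance_profile,
get_role_policy / get_policy_version and get_bucket_policy responses."""
import fnmatch


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _match(pattern, value):
    # IAM wildcards: "*" matches any run of characters, "?" exactly one; action
    # names are case-insensitive, so compare lower-cased.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def identity_allows(policies, bucket, action="s3:GetObject"):
    """True if the identity policies hold an Allow for the action on the bucket or its
    objects and no explicit Deny that also matches (explicit Deny always wins)."""
    arns = (f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*")
    allowed = denied = False
    for doc in policies:
        for st in _as_list(doc["Statement"]):
            act_hit = any(_match(a, action) for a in _as_list(st.get("Action", [])))
            res_hit = any(_match(r, arn) for r in _as_list(st.get("Resource", [])) for arn in arns)
            if act_hit and res_hit:
                if st["Effect"] == "Allow":
                    allowed = True
                else:
                    denied = True
    return allowed and not denied


def bucket_policy_allows(policy, role_arn, action="s3:GetObject"):
    """True if the bucket policy has an Allow naming the role (or "*") as principal.
    Simplification: Deny statements in the bucket policy are not evaluated."""
    if not policy:
        return False
    for st in _as_list(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue
        p = st.get("Principal", {})
        principals = ["*"] if p == "*" else _as_list(p.get("AWS", []))
        if any(_match(x, role_arn) for x in principals) and \
           any(_match(a, action) for a in _as_list(st["Action"])):
            return True
    return False


def instances_with_s3_access(graph):
    """Return {instance_id: {bucket: "identity policy" | "bucket policy"}}."""
    result = {}
    for inst in graph["instances"]:
        profile_arn = inst.get("IamInstanceProfile", {}).get("Arn")
        if not profile_arn:                      # no role at all: nothing to walk
            continue
        for role in graph["instance_profiles"][profile_arn]["Roles"]:
            role_data = graph["roles"][role["Arn"]]
            policies = role_data["inline"] + role_data["attached"]
            for bucket, bucket_policy in graph["buckets"].items():
                if identity_allows(policies, bucket):
                    how = "identity policy"
                elif bucket_policy_allows(bucket_policy, role["Arn"]):
                    how = "bucket policy"
                else:
                    continue
                result.setdefault(inst["InstanceId"], {})[bucket] = how
    return result


ACCOUNT = "123456789012"                         # placeholder account ID
WEB_ROLE = f"arn:aws:iam::{ACCOUNT}:role/web-role"
WORKER_ROLE = f"arn:aws:iam::{ACCOUNT}:role/worker-role"
WEB_PROFILE = f"arn:aws:iam::{ACCOUNT}:instance-profile/web"
WORKER_PROFILE = f"arn:aws:iam::{ACCOUNT}:instance-profile/worker"

SAMPLE_GRAPH = {                                 # constructed inventory
    "instances": [
        {"InstanceId": "i-0web", "IamInstanceProfile": {"Arn": WEB_PROFILE}},
        {"InstanceId": "i-0worker", "IamInstanceProfile": {"Arn": WORKER_PROFILE}},
        {"InstanceId": "i-0isolated"},
    ],
    "instance_profiles": {WEB_PROFILE: {"Roles": [{"Arn": WEB_ROLE}]},
                          WORKER_PROFILE: {"Roles": [{"Arn": WORKER_ROLE}]}},
    "roles": {
        WEB_ROLE: {
            "inline": [{"Statement": {"Effect": "Allow", "Action": "s3:GetObject",
                                      "Resource": "arn:aws:s3:::app-assets/*"}}],
            # Broad managed policy, with an explicit Deny carving payroll-exports back out.
            "attached": [{"Statement": [
                {"Effect": "Allow", "Action": "s3:Get*", "Resource": "arn:aws:s3:::*"},
                {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::payroll-exports/*"}]}],
        },
        WORKER_ROLE: {"inline": [], "attached": []},   # no S3 rights of its own
    },
    "buckets": {
        "app-assets": None,
        "customer-backups": None,
        # Resource-based grant: worker-role gets in through the bucket policy only.
        "payroll-exports": {"Statement": [{"Effect": "Allow", "Principal": {"AWS": WORKER_ROLE},
                                           "Action": "s3:GetObject",
                                           "Resource": "arn:aws:s3:::payroll-exports/*"}]},
    },
}

if __name__ == "__main__":
    for instance, buckets in instances_with_s3_access(SAMPLE_GRAPH).items():
        print(instance, buckets)
```

On this graph i-0web reaches app-assets and customer-backups through its identity policies but not payroll-exports, because the explicit Deny overrides the broad s3:Get* Allow; i-0worker has no S3 permissions of its own yet still reaches payroll-exports through the bucket policy, which is exactly the path a scan of identity policies alone would miss; i-0isolated has no instance profile and does not appear.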

Extra notes

  • If you search for a single word, Aikido performs a text search, allowing you to find assets by name or other fields. For example, if you search for the name of a user, Aikido returns that user, any group the user is a member of, assets whose tags mention the user, and policies that reference the user by ARN.

  • Aikido caches prompts, so repeated searches return much faster. It also shows you your previous searches (visible only to your own user).