Activity Logs & Alerts:

• CloudTrail Logs ( full reference here )

• GuardDuty Findings & Alerts (If enabled)

Identities and their profile information & Configuration

• Users (SSO & Locally Managed)

• Groups

• Roles

• Policies

• SAML\OpenID Providers

• Access Advisor Information

Assets Configuration - The existence of the resource and its configuration (with no data access)

• ACM - Certificates

• API Gateway Resources (V1\V2)

• AutoScaling Resources

• CloudFormation Stacks

• CloudFront Resources

• CloudTrail Settings

• Cognito Identity Pools

• DocDB Resources

• DynamoDB Resources

• EC2 & Networking Resources

• ECR Resources

• ECS\EKS Resources

• ElasticCache Resources

• Elastic Load Balancer Resources (V1\V2)

• GuardDuty Alerts and Detectors

• Kafka (MSK, KafkaConnect) Resources

• Lambda Functions & Layers

• Log Groups

• Neptune Databases

• Organizational Structures & Account Owners

• Security Hub Controls & Findings

• SNS, SQS Resources

• SSM Commands & Agents

• WAF (V1\V2)

• Workspaces Resources

• RDS Resources

• Route53

• S3 Buckets

• Secrets Manager (The existence of secret, no access to the secret itself)

• SES (v1\v2)