1. Assessment Phase

  • Enumerate customer-managed IAM policies in the account
  • Identify customer-managed IAM policies with no attachments
  • Collect detailed metadata for unattached IAM policies
  • User: Review unattached IAM policies and select policies to delete

2. Configuration Phase

  • Remove selected unattached customer-managed IAM policies

3. Validation Phase

  • Confirm deletion of selected unattached IAM policies

Clean Up Unused Customer-Managed IAM Policies

Overview

Clean up unused customer-managed IAM policies to reduce security risk and configuration clutter. This plan walks through discovering all customer-managed IAM policies, identifying those that are completely unattached, collecting rich metadata for review, guiding you through which policies to remove, deleting the approved policies, and finally validating and reporting on what was removed.

Execution Details

Assessment Phase

In the Assessment Phase, the plan discovers relevant IAM policies and prepares detailed information so you can make informed decisions.

  • Enumerate customer-managed IAM policies in the account
    Collect a complete inventory of customer-managed IAM policies (excluding AWS managed policies). For each policy, record key attributes such as policy name, ARN, default version ID, and any available attachment counts. The results are stored in a structured format (for example, a table or JSON) and checked to ensure the inventory is complete.

  • Identify customer-managed IAM policies with no attachments
    Use the inventory to determine which policies are not attached to any IAM users, roles, or groups. The output is a refined list of policies with zero attachments, including their names, ARNs, and attachment counts, stored in a format ready for deeper metadata collection and user review.

  • Collect detailed metadata for unattached IAM policies
    For each unattached policy, gather full contextual information:

    • The complete policy document for the default version
    • Identifiers such as name, ARN, path, and default version ID
    • Creation and last updated timestamps
    • Tags and, where available, policy last accessed information

    All of this is assembled into a consolidated dataset so that every unattached policy has a full metadata and document record suitable for archival or detailed review.

  • User: Review unattached IAM policies and select policies to delete
    Present you with the compiled list of unattached policies, including key metadata (name, ARN, creation date, last updated date, tags, and any last accessed data). You are guided through reviewing these policies, with the ability to inspect full policy documents as needed. You then confirm which specific unattached policies should be deleted, ensuring they are not needed for future use or referenced outside IAM attachments. The outcome is a durable, user-approved deletion list with names and ARNs.

Configuration Phase

In the Configuration Phase, the plan removes only the policies you have explicitly approved.

  • Remove selected unattached customer-managed IAM policies
    Load the user-approved deletion list and, just before deletion, re-confirm that each policy is still customer-managed and remains unattached to users, roles, or groups. Approved policies are then deleted from IAM. Each deletion is logged with success or failure details, and two structured result sets are produced: one listing policies successfully deleted and another listing any that could not be deleted, along with reasons (for example, the policy became attached or no longer exists).

Validation Phase

The Validation Phase ensures accuracy and produces an auditable record of the cleanup.

  • Confirm deletion of selected unattached IAM policies
    Retrieve an updated list of all customer-managed IAM policies and compare it with the set of policies recorded as successfully deleted. Verify that none of the supposedly deleted policies still exist. If any remain, record their status and any new attachments. The phase concludes with a final validation report summarizing how many policies were requested for deletion, how many were successfully removed, and which (if any) remain with explanations. This report is stored in an accessible format and location for future audit or review.
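The three phases above as an added Python example, written against the boto3 IAM client calls (list_policies, get_policy, list_policy_versions, delete_policy_version, delete_policy); it is not the plan's own code, and `FakeIam` and `SAMPLE` are a constructed in-memory stand-in so it runs without an AWS account. It goes beyond the text in two places a practitioner will hit: a policy used only as a permissions boundary has AttachmentCount 0 but is still referenced, and delete_policy is refused while non-default versions exist.

```python
def list_customer_managed(iam):
    """Inventory of customer-managed policies; Scope='Local' excludes AWS managed ones."""
    pages = iam.get_paginator("list_policies").paginate(Scope="Local", OnlyAttached=False)
    return [p for page in pages for p in page["Policies"]]

def in_use(p):
    # AttachmentCount counts users/groups/roles only; use as a permissions boundary is counted separately
    return p["AttachmentCount"] > 0 or p.get("PermissionsBoundaryUsageCount", 0) > 0

def unattached(policies):  # Assessment Phase: zero attachments and no permissions-boundary use
    return [p for p in policies if not in_use(p)]

def delete_approved(iam, approved_arns):
    """Configuration Phase: re-check each approved ARN just before deleting; returns (deleted, {arn: reason})."""
    deleted, skipped = [], {}
    for arn in approved_arns:
        try:
            p = iam.get_policy(PolicyArn=arn)["Policy"]
        except iam.exceptions.NoSuchEntityException:
            skipped[arn] = "no longer exists"
            continue
        if in_use(p):
            skipped[arn] = "attached or used as a permissions boundary since review"
            continue
        # delete_policy fails with DeleteConflict while non-default versions remain
        for v in iam.list_policy_versions(PolicyArn=arn)["Versions"]:
            if not v["IsDefaultVersion"]:
                iam.delete_policy_version(PolicyArn=arn, VersionId=v["VersionId"])
        iam.delete_policy(PolicyArn=arn)
        deleted.append(arn)
    return deleted, skipped

class FakeIam:  # constructed stand-in for a boto3 IAM client (in-memory, not a real account)
    class exceptions: NoSuchEntityException = type("NoSuchEntityException", (Exception,), {})
    def __init__(self, policies):
        self.policies = {p["Arn"]: dict(p) for p in policies}
        self.versions = {a: [{"VersionId": "v1", "IsDefaultVersion": False}, {"VersionId": "v2", "IsDefaultVersion": True}] for a in self.policies}
    def get_paginator(self, name): return self
    def paginate(self, **kw): return [{"Policies": list(self.policies.values())}]
    def get_policy(self, PolicyArn):
        if PolicyArn not in self.policies: raise self.exceptions.NoSuchEntityException(PolicyArn)
        return {"Policy": self.policies[PolicyArn]}
    def list_policy_versions(self, PolicyArn): return {"Versions": list(self.versions[PolicyArn])}
    def delete_policy_version(self, PolicyArn, VersionId): self.versions[PolicyArn] = [v for v in self.versions[PolicyArn] if v["VersionId"] != VersionId]
    def delete_policy(self, PolicyArn):
        if any(not v["IsDefaultVersion"] for v in self.versions[PolicyArn]): raise Exception("DeleteConflict")
        del self.policies[PolicyArn]

# constructed sample inventory (example account id, not a real one)
SAMPLE = [{"PolicyName": n, "Arn": "arn:aws:iam::123456789012:policy/" + n, "AttachmentCount": att, "PermissionsBoundaryUsageCount": pb}
          for n, att, pb in [("OldDeploy", 0, 0), ("DevBoundary", 0, 3), ("AppRead", 2, 0)]]
```

The Validation Phase is then a set comparison: re-run list_customer_managed and report any ARN from the deleted list that still appears.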