iam

Is your feature request related to a problem? Please describe.

As observed during #261, users can accidentally set timeouts inconsistently. A concrete example is that one can set a User facing timeout lower than any backend timeout, such that requests may fail early.

Describe the solution you'd like

We should provide some sanity checking to prevent unintended timeout behavior.

• There are still mentions of a triage worksheet. "Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet. It can scan all the policies in your AWS account or it can scan a single policy file." The worksheet is mentioned several times.
• As shown in the above, there is no mention of multiple AWS accounts
• The GIF st

#22 introduced a feature to guess actions that are similar to an existing policy. It currently doesn't support all actions.

Here's things I currently know are missing (comment if you find more):

• KMS: Encrypt, Decrypt, GenerateDataKey, ...
• ECR: BatchDeleteImage, BatchGetImage, ...
• *Deregister*
• *Modify*
• *Remove*
• API Gateway: (DELETE,

running airiam recommend_groups, in MAC gives this error

`INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
Reusing local data
INFO:root:Analyzing data for account 051349106950
INFO:root:Using the default UserOrganizer
Traceback (most recent call last):
File "/usr/local/bin/airiam", line 5, in
run()
File "/usr/local/Cellar/airiam/

After creating a custom login policy, the active identity providers are still listed from default. Same ist for MFA and 2FA, ...

From the screenshots below, you can see that the new policy is loaded after creation and reset. But only the policy itself and not the identity providers and factors:
![image](https://user-images.githubusercontent.com/9405495/143998582-86d03161-287f-4448-b0e4-feca882