permissions = [
  'sts:GetCallerIdentity',
  'ec2:DescribeRegions',
  'ec2:DescribeInstances',
  'account:GetAlternateContact',
  'iam:GenerateCredentialReport',
  'iam:GetCredentialReport',
  'iam:GetAccountPasswordPolicy',
  'iam:ListUsers',
  'iam:ListAttachedUserPolicies',
  'iam:ListUserPolicies',
  'cloudtrail:DescribeTrails',
  'cloudtrail:GetTrailStatus',
  'cloudtrail:GetTrail',
  's3:GetAccountPublicAccessBlock',
  's3:GetBucketPublicAccessBlock',
  's3:ListBucket',
  's3:ListAllMyBuckets',
  'cloudwatch:DescribeAlarms',
  'ec2:DescribeNetworkInterfaces',
  'ec2:DescribeVpcs',
  'ec2:DescribeSubnets',
  'support:DescribeTrustedAdvisorChecks',
  'guardduty:ListDetectors',
  'guardduty:GetDetector'
]