Provision one read-only IAM role with an External ID. Axiom scans every region, reasons about findings, builds approval-gated execution plans, and renders the audit trail in real time.
setup time
~5 min
access mode
read-only
revoke
one_click
trace
live
policy
enforced
audit
writing
01 · CONNECT
Read-only IAM role + External ID — assumed on demand.
02 · SCAN
Multi-region inventory across every resource kind.
03 · REASON
Risk × cost × compliance prioritisation.
04 · EXECUTE
Terraform / CLI plans — approval-gated apply.
05 · AUDIT
Immutable trail · exportable evidence bundles.
Read-only by default
IAM role grants only what the setup guide lists. Writes are opt-in.
Zero stored credentials
Axiom assumes the role on demand. Nothing about your account persists at rest.
Approval-gated changes
Every proposed action requires human review. Execution is reversible by design.
Real-time audit trail
Every scan, plan, approval, and apply becomes an exportable audit record.