Module learn 

Structs

LearnedPolicy

Result of learning: observed API calls mapped to IAM actions.

Functions

event_source_to_service

Maps CloudTrail eventSource (e.g. “s3.amazonaws.com”) to IAM service prefix. Public so watch.rs can reuse the same mapping table.

lookup_events

Query CloudTrail for API calls made by a specific access key within a time window.

poll_cloudtrail

Poll CloudTrail until events appear or timeout is reached. CloudTrail typically has a 5-15 minute delay.