Saved February 14, 2026
Do you care about this?
Heimdall is an AWS security scanner that identifies privilege escalation paths that attackers could exploit. It analyzes over 10 AWS services and provides insights into IAM roles, detecting potential vulnerabilities and mapping them to MITRE ATT&CK.
If you do, here's more
Heimdall is an AWS security scanner designed to identify privilege escalation paths that attackers could exploit to gain admin access. It detects over 50 IAM privilege escalation patterns and maps more than 85 attack chains to the MITRE ATT&CK framework. The tool analyzes 10 AWS services, including EC2, RDS, and S3, to uncover cross-service escalation risks. Its low false-positive rate has been validated on production accounts with numerous roles, making it a reliable choice for security assessments.
Installation is straightforward, requiring just a few commands after cloning the GitHub repository. Users can generate a comprehensive security overview with a single command, revealing IAM roles, users, and any identified escalation paths. For instance, scanning a profile might show no risks or uncover several critical opportunities, detailing how specific user roles can escalate privileges through indirect paths. The tool also features a Terraform engine that analyzes IAM attack paths before deployment, allowing teams to catch potential vulnerabilities early in the development process.
Heimdall provides a user-friendly terminal interface with interactive visualizations, making it easy to navigate findings and explore attack chains. Users can produce detailed reports in various formats, including SARIF for GitHub Security and CSV for spreadsheets. With its focus on multi-hop detection and real-time scanning, Heimdall empowers users to maintain a solid security posture in their AWS environments.