diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
index c5f3076457..48ba023a0d 100644
--- a/providers/aws/resources/aws.lr.go
+++ b/providers/aws/resources/aws.lr.go
@@ -467,7 +467,7 @@ func init() {
 			Create: createAwsEc2InstanceDevice,
 		},
 		"aws.ec2.securitygroup": {
-			// to override args, implement: initAwsEc2Securitygroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
+			Init: initAwsEc2Securitygroup,
 			Create: createAwsEc2Securitygroup,
 		},
 		"aws.ec2.securitygroup.ippermission": {
diff --git a/providers/aws/resources/aws_cloudwatch.go b/providers/aws/resources/aws_cloudwatch.go
index d319ea1287..b0c9521c7a 100644
--- a/providers/aws/resources/aws_cloudwatch.go
+++ b/providers/aws/resources/aws_cloudwatch.go
@@ -176,7 +176,7 @@ func initAwsCloudwatchMetric(runtime *plugin.Runtime, args map[string]*llx.RawDa
 		return args, nil, err
 	}
 	if len(metrics.Metrics) == 0 {
-		return nil, nil, nil
+		return nil, nil, errors.New("no metrics found")
 	}
 	if len(metrics.Metrics) > 1 {
 		return nil, nil, errors.New("more than one metric found for " + namespace + " " + name + " in region " + region)
diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go
index 34564fff6c..51c8100c58 100644
--- a/providers/aws/resources/aws_ec2.go
+++ b/providers/aws/resources/aws_ec2.go
@@ -733,11 +733,11 @@ func (a *mqlAwsEc2) gatherInstanceInfo(instances []ec2types.Reservation, imdsvVe
 			if instance.ImageId != nil {
 				mqlImage, err := NewResource(a.MqlRuntime, "aws.ec2.image",
 					map[string]*llx.RawData{"arn": llx.StringData(fmt.Sprintf(imageArnPattern, regionVal, conn.AccountId(), convert.ToString(instance.ImageId)))})
-				if err != nil {
-					return nil, err
-				}
-				if mqlImage != nil {
+				if err == nil {
 					args["image"] = llx.ResourceData(mqlImage, mqlImage.MqlName())
+				} else {
+					log.Error().Err(err).Msg("cannot find image")
+					args["image"] = llx.NilData
 				}
 			} else {
 				args["image"] = llx.NilData
@@ -749,11 +749,11 @@ func (a *mqlAwsEc2) gatherInstanceInfo(instances []ec2types.Reservation, imdsvVe
 					map[string]*llx.RawData{
 						"arn": llx.StringData(fmt.Sprintf(vpcArnPattern, regionVal, conn.AccountId(), convert.ToString(instance.VpcId))),
 					})
-				if err != nil {
-					return nil, err
-				}
-				if mqlVpcResource != nil {
+				if err == nil {
 					args["vpc"] = llx.ResourceData(mqlVpcResource, mqlVpcResource.MqlName())
+				} else {
+					log.Error().Err(err).Msg("cannot find vpc")
+					args["vpc"] = llx.NilData
 				}
 			} else {
 				args["vpc"] = llx.NilData
@@ -766,11 +766,11 @@ func (a *mqlAwsEc2) gatherInstanceInfo(instances []ec2types.Reservation, imdsvVe
 						"region": llx.StringData(regionVal),
 						"name":   llx.StringData(convert.ToString(instance.KeyName)),
 					})
-				if err != nil {
-					return nil, err
-				}
-				if mqlKeyPair != nil {
+				if err == nil {
 					args["keypair"] = llx.ResourceData(mqlKeyPair, mqlKeyPair.MqlName())
+				} else {
+					log.Error().Err(err).Msg("cannot find keypair")
+					args["keypair"] = llx.NilData
 				}
 			} else {
 				args["keypair"] = llx.NilData
@@ -802,7 +802,7 @@ func initAwsEc2Image(runtime *plugin.Runtime, args map[string]*llx.RawData) (map
 	arnVal := args["arn"].Value.(string)
 	arn, err := arn.Parse(arnVal)
 	if err != nil {
-		return nil, nil, nil
+		return nil, nil, err
 	}
 	resource := strings.Split(arn.Resource, "/")
 	conn := runtime.Connection.(*connection.AwsConnection)
@@ -824,14 +824,14 @@ func initAwsEc2Image(runtime *plugin.Runtime, args map[string]*llx.RawData) (map
 		return args, nil, nil
 	}
 
-	return args, nil, nil
+	return nil, nil, errors.New("image not found")
 }
 
 func (a *mqlAwsEc2Securitygroup) id() (string, error) {
 	return a.Arn.Data, nil
 }
 
-func initAwsEc2SecurityGroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
+func initAwsEc2Securitygroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
 	if len(args) > 2 {
 		return args, nil, nil
 	}
diff --git a/providers/aws/resources/aws_iam.go b/providers/aws/resources/aws_iam.go
index b97bd979ca..b0325bd8b5 100644
--- a/providers/aws/resources/aws_iam.go
+++ b/providers/aws/resources/aws_iam.go
@@ -854,6 +854,9 @@ func (a *mqlAwsIamUser) attachedPolicies() ([]interface{}, error) {
 }
 
 func (a *mqlAwsIamPolicy) id() (string, error) {
+	if a == nil {
+		return "", nil
+	}
 	return a.Arn.Data, nil
 }
 
diff --git a/providers/aws/resources/aws_s3.go b/providers/aws/resources/aws_s3.go
index 9314484ed7..bee3254471 100644
--- a/providers/aws/resources/aws_s3.go
+++ b/providers/aws/resources/aws_s3.go
@@ -179,17 +179,23 @@ func (a *mqlAwsS3Bucket) policy() (*mqlAwsS3BucketPolicy, error) {
 	})
 	if err != nil {
 		if isNotFoundForS3(err) {
-			return &mqlAwsS3BucketPolicy{}, nil
+			a.Policy.State = plugin.StateIsNull | plugin.StateIsSet
+			return nil, nil
 		}
-		return &mqlAwsS3BucketPolicy{}, err
+		return nil, err
 	}
 
 	if policy != nil && policy.Policy != nil {
 		// create the policy resource
+		pol, err := parsePolicyDocument(convert.ToString(policy.Policy))
+		if err != nil {
+			return nil, err
+		}
 		mqlS3BucketPolicy, err := CreateResource(a.MqlRuntime, "aws.s3.bucket.policy",
 			map[string]*llx.RawData{
 				"name":     llx.StringData(bucketname),
 				"document": llx.StringData(convert.ToString(policy.Policy)),
+				"id":       llx.StringData(pol.Id),
 			})
 		if err != nil {
 			return nil, err
@@ -198,7 +204,13 @@ func (a *mqlAwsS3Bucket) policy() (*mqlAwsS3BucketPolicy, error) {
 	}
 
 	// no bucket policy found, return nil for the policy
-	return &mqlAwsS3BucketPolicy{}, nil
+	a.Policy.State = plugin.StateIsNull | plugin.StateIsSet
+
+	return &mqlAwsS3BucketPolicy{
+		Id:       plugin.TValue[string]{State: plugin.StateIsSet | plugin.StateIsNull, Data: ""},
+		Name:     plugin.TValue[string]{State: plugin.StateIsSet | plugin.StateIsNull, Data: ""},
+		Document: plugin.TValue[string]{State: plugin.StateIsSet | plugin.StateIsNull, Data: ""},
+	}, nil
 }
 
 func (a *mqlAwsS3Bucket) tags() (map[string]interface{}, error) {
@@ -601,16 +613,19 @@ func (a *mqlAwsS3BucketCorsrule) id() (string, error) {
 }
 
 func (a *mqlAwsS3BucketPolicy) id() (string, error) {
-	policy, err := a.parsePolicyDocument()
-	if err != nil || policy == nil {
-		return "none", err
+	if a == nil {
+		return "", nil
 	}
-	return policy.Id, nil
+	return a.Id.Data, nil
 }
 
 func (a *mqlAwsS3BucketPolicy) parsePolicyDocument() (*awspolicy.S3BucketPolicy, error) {
 	data := a.Document.Data
 
+	return parsePolicyDocument(data)
+}
+
+func parsePolicyDocument(data string) (*awspolicy.S3BucketPolicy, error) {
 	var policy awspolicy.S3BucketPolicy
 	err := json.Unmarshal([]byte(data), &policy)
 	if err != nil {
diff --git a/providers/aws/resources/aws_sns.go b/providers/aws/resources/aws_sns.go
index cec7a2120f..cb3120ea3c 100644
--- a/providers/aws/resources/aws_sns.go
+++ b/providers/aws/resources/aws_sns.go
@@ -60,7 +60,7 @@ func (a *mqlAwsSnsTopic) init(runtime *plugin.Runtime, args map[string]*llx.RawD
 	arnVal := args["arn"].Value.(string)
 	arn, err := arn.Parse(arnVal)
 	if err != nil {
-		return nil, nil, nil
+		return nil, nil, err
 	}
 
 	args["arn"] = llx.StringData(arnVal)