aws.iam
Supported platform
- aws
Description
AWS service to create and manage permissions for users and groups
Use the aws.iam resource to assess the configuration of the AWS IAM service. The resource provides a list of aws.iam.user resources representing the IAM users in the account, along with the account's roles, groups, policies, credential report and password policy.
Fields
| ID | TYPE | DESCRIPTION |
|---|---|---|
| users | []aws.iam.user | List of IAM users in the account |
| roles | []aws.iam.role | List of IAM roles in the account |
| groups | []aws.iam.group | List of IAM groups in the account |
| policies | []aws.iam.policy | List of IAM policies in the account |
| attachedPolicies | []aws.iam.policy | List of IAM policies attached to a user, role, or group |
| credentialReport | []aws.iam.usercredentialreportentry | IAM credential report |
| accountPasswordPolicy | dict | IAM account password policy for the account |
| accountSummary | map[string]int | IAM account summary |
| virtualMfaDevices | []aws.iam.virtualmfadevice | List of virtual MFA devices associated with the account |
| serverCertificates | []dict | List of server certificates stored in IAM |
| instanceProfiles | []aws.iam.instanceProfile | |
Examples
Return the aws.iam resource with the specified fields, including the list of aws.iam.user resources representing IAM users in the account

```coffee
aws.iam {
  users
  roles
  groups
  policies
  attachedPolicies
  accountSummary
  virtualMfaDevices
  serverCertificates
}
```
Return a list of users that do not have MFA configured, along with the ARN, name, and associated IAM groups

```coffee
aws.iam.credentialReport.where(mfaActive == false) {
  user {
    arn
    name
    groups
  }
}
```
Do not set up access keys during initial user setup for IAM users that have a console password: every such user's first access key must have been used at least once

```coffee
aws.iam.credentialReport.
  where(
    passwordEnabled &&
    accessKey1Active &&
    userCreationTime < time.today
  ).
  all(
    accessKey1LastUsedDate != null
  )
```
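An added example, not from the Mondoo documentation, combining the accountSummary and credentialReport fields to check that the root account is hardened and that console users carry MFA. It assumes accountSummary exposes the AWS GetAccountSummary key names (AccountMFAEnabled, AccountAccessKeysPresent) unchanged.

```mql
// Added example: root account hardening via the IAM account summary.
// Assumption: accountSummary keys mirror the AWS GetAccountSummary response.
aws.iam.accountSummary["AccountMFAEnabled"] == 1
aws.iam.accountSummary["AccountAccessKeysPresent"] == 0

// Every principal with a console password must have MFA active; the
// credential report includes the root account row, so it is covered too.
aws.iam.credentialReport.
  where(passwordEnabled == true).
  all(mfaActive == true)
```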
References