Excessive Permission
The ACS platform evaluates IAM users and services that are unused or rarely used as having excessive permission. This means that the IAM user and service data on the excessive permission page is evaluated against certain criteria.
The top of the excessive permission page gives the user an overview of:
Inactive users
Inactive services
Overprivileged service identities
Overprivileged users
The excessive permission page also has 5 filters to narrow the data for a clear and concise view:
IAM type filter
Severity filter
Services filter
Label filter
Last activity filter
The user can also spot:
All the inactive and overprivileged IAM users and roles in the results
Their last activity
Services used by IAM users and roles
Findings for IAM users and roles
Inactive users: An inactive user is an IAM user who has not logged in during the past 90 days.
Inactive services: A service is evaluated as inactive based on its use in the past 90 days.
Overprivileged service identities: An overprivileged service identity is one where the service has never been used.
Overprivileged users: Overprivileged users are users who have never logged in to the platform.
IAM type filter: The user can narrow the results of the excessive permission page by IAM type. The IAM type filter gives users a separate view of IAM users and IAM roles.
Severity filter: The user can also narrow the results of the excessive permission page by severity of impact. 4 severity parameters are available on the excessive permission page: Critical severity, High severity, Medium severity, and Low severity.
Services filter: An IAM user might use several services in a platform, e.g. Amazon Managed Service for Prometheus, Amazon EC2, Amazon Route 53 Domains, AWS CloudWatch RUM, Amazon Connect Voice ID, etc. Users can therefore also view the results of the excessive permission page by the services used by the IAM user.
Label filter: The label filter allows the user to narrow the results of the excessive permission page by label, e.g. MFA, No MFA, Admin, EC2 elevated permission, 3rd party, etc.
Last activity filter: The last activity filter allows the user to select a date range and see the results within that date range.
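The user findings defined above can be reproduced outside the platform for a cross-check. The following is an added example, not ACS code: it applies the 90-day and never-logged-in criteria to constructed rows laid out like a subset of the AWS IAM credential report columns, and it assumes that "login" maps to the report's password_last_used field.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=90)  # threshold stated on this page

# Constructed sample rows; column names follow the AWS IAM credential report
# (only a subset of its columns is shown). Account ID is a placeholder.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-20T09:15:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,true,2023-11-02T17:40:00+00:00,false
carol,arn:aws:iam::111122223333:user/carol,true,no_information,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,N/A,false
"""


def classify(row, now):
    """Return the finding for one credential-report row."""
    if row["password_enabled"] != "true":
        # No console password: login-based criteria do not apply.
        return "no console login"
    last = row["password_last_used"]
    if last in ("no_information", "N/A"):
        # Password exists but was never used: "never logged in".
        return "overprivileged user"
    if now - datetime.fromisoformat(last) > INACTIVE_AFTER:
        return "inactive user"
    return "active"


def evaluate(report_text, now):
    """Map each user to (finding, MFA label) as on the results list."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_text)):
        label = "MFA" if row["mfa_active"] == "true" else "No MFA"
        findings[row["user"]] = (classify(row, now), label)
    return findings


if __name__ == "__main__":
    # Fixed evaluation date so the constructed sample gives stable results.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, (finding, label) in evaluate(SAMPLE_REPORT, now).items():
        print(f"{user:8} {finding:20} {label}")
```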