Utilizing the Cloud Entitlement Dashboard, you can gain a comprehensive overview of the risks identified in your cloud environment. These risks stem from excessively permissive permissions assigned through policies, security-critical actions taken by users, inactive roles, and more.
The dashboard automatically detects overly permissive identities based on actual usage and offers recommendations for the appropriate privileges that should be assigned. This helps enhance the overall security posture of your cloud environment.
Step 1: Access Cloud Entitlements
After you log in, select Cloud Security from the landing page. Next, click the App Launcher (at the top of the page) and choose CIEM (Cloud Infrastructure Entitlement Management).
Step 2: Get an Overview of the Inactive Users, Roles, and Over-Privileged Identities
View the count of:
- IAM (Identity and Access Management) users who have not been active and therefore pose a security risk: their unused or excessive permissions can lead to privilege escalation or account compromise
- Groups that hold excessive permissions in the associated cloud service
- Policies attached to an identity (users, user groups, or roles) that grant more permissions than are needed
- Inactive IAM roles in your AWS account; their number tends to grow over time as roles become unused or obsolete
- Critical Activities that determine which permissions were in use
- Recommended remediation for the identified misconfigurations for different identities and severity status to help prioritize them
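The categories above (inactive users and roles, over-privileged identities, and a least-privilege recommendation derived from actual usage) can be reproduced on a small scale with the script below. It is an added example and not the dashboard's own code: the inventory, policy documents and usage records are constructed sample data standing in for what a CIEM tool collects from IAM and CloudTrail, and the 90-day inactivity threshold and the "any unused grant counts as over-privileged" rule are assumptions chosen for illustration.

```python
"""Flag inactive IAM principals and over-permissive grants from an inventory.

Added illustration of the dashboard's risk categories; all data below is
constructed, not taken from a real account.
"""
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

INACTIVITY_DAYS = 90  # assumption: a principal unused for this long counts as inactive

# Fixed "now" so the example is reproducible (constructed).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed IAM inventory: users and roles with last-used timestamps and attached policies.
PRINCIPALS = [
    {"name": "alice", "type": "user", "last_used": NOW - timedelta(days=3), "policies": ["S3ReadOnly"]},
    {"name": "bob", "type": "user", "last_used": NOW - timedelta(days=200), "policies": ["AdminAll"]},
    {"name": "carol", "type": "user", "last_used": None, "policies": ["S3ReadOnly"]},
    {"name": "deploy-role", "type": "role", "last_used": NOW - timedelta(days=10), "policies": ["DeployPolicy"]},
    {"name": "legacy-role", "type": "role", "last_used": NOW - timedelta(days=400), "policies": ["AdminAll"]},
]

# Constructed policy documents, reduced to the Allow action patterns they grant.
POLICIES = {
    "S3ReadOnly": ["s3:GetObject", "s3:ListBucket"],
    "AdminAll": ["*"],
    "DeployPolicy": ["s3:PutObject", "s3:GetObject", "lambda:UpdateFunctionCode", "iam:PassRole", "ec2:*"],
}

# Constructed summary of actions each principal actually invoked in the look-back window
# (the kind of information a CIEM tool derives from CloudTrail).
USED_ACTIONS = {
    "alice": {"s3:GetObject"},
    "bob": set(),
    "carol": set(),
    "deploy-role": {"s3:PutObject", "lambda:UpdateFunctionCode"},
    "legacy-role": set(),
}


def find_inactive(principals, now=NOW, days=INACTIVITY_DAYS):
    """Names of users/roles with no recorded activity within the last `days`."""
    cutoff = now - timedelta(days=days)
    return sorted(p["name"] for p in principals
                  if p["last_used"] is None or p["last_used"] < cutoff)


def granted_actions(principal, policies=POLICIES):
    """Union of action patterns granted by all policies attached to the principal."""
    return {action for name in principal["policies"] for action in policies[name]}


def action_matches(pattern, action):
    """IAM action patterns are case-insensitive globs, e.g. 'ec2:*' or '*'."""
    return fnmatchcase(action.lower(), pattern.lower())


def over_privilege_report(principal, used=USED_ACTIONS, policies=POLICIES):
    """Compare granted action patterns with observed usage.

    Returns (wildcards, unused, recommended): wildcard grants, granted patterns
    that matched no observed action, and the least-privilege action list
    (exactly the observed actions) that a usage-based recommendation would keep.
    """
    granted = granted_actions(principal, policies)
    observed = used.get(principal["name"], set())
    wildcards = sorted(a for a in granted if "*" in a)
    unused = sorted(a for a in granted if not any(action_matches(a, u) for u in observed))
    return wildcards, unused, sorted(observed)


def dashboard_counts(principals=PRINCIPALS):
    """Headline counts analogous to the overview tiles: inactive users, inactive roles,
    and identities holding at least one grant they never used (simplified rule)."""
    inactive = set(find_inactive(principals))
    over_privileged = [p["name"] for p in principals if over_privilege_report(p)[1]]
    return {
        "inactive_users": sum(1 for p in principals if p["type"] == "user" and p["name"] in inactive),
        "inactive_roles": sum(1 for p in principals if p["type"] == "role" and p["name"] in inactive),
        "over_privileged": len(over_privileged),
    }


if __name__ == "__main__":
    for principal in PRINCIPALS:
        wildcards, unused, recommended = over_privilege_report(principal)
        print(f"{principal['name']}: wildcards={wildcards} unused={unused} recommend={recommended}")
    print(dashboard_counts())
```

The recommendation list is deliberately just the observed actions; in practice a tool would also keep actions needed for infrequent tasks that fall outside the look-back window, which is why the dashboard presents its output as a recommendation to review rather than a policy to apply blindly.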
Step 3: View the Detailed Statistics of Every Entity
Click on the entities from the various sections and get a detailed summary on the:
- Users and their associated AWS permissions. Key details include user information with Name, ID, ARN, Created date, Last accessed date, Inline Policies, Managed policies, User groups, and High Privilege policies
- Policy details with Name, Policy ID, Created Date, Active Version, Users, Groups, Roles (association link to one or more excessive roles), Policy Type, and Evidence
- Group details with Name, ID, ARN, Created date, Users (association links to one or more users), Managed policies (association links to one or more policies), Inline Policies (association links to one or more policies), and High Privilege policies (association links to one or more policies with elevated privileges)
- Role details with Name, ID, ARN, Created Date, Last Accessed Date, Inline Policies, Managed policies (association links to one or more policies), Users, and High Privilege policies (association links to one or more policies with elevated privileges)
Step 4: Examine Permissions with Details Map
Examine the permissions mapped to an identity by looking into the details.