Hi all, I was wondering if there are ways to get b...
# platform-toolbox
a
Hi all, I was wondering if there are ways to get below IAM info. I know running various aws cli/sdk commands would get you to the final result but are there any other easier options. Maybe there is an open-source tool that already does that? Anyone else try to get this info? Thanks. • List who has what access using IAM info ◦ I think access advisor can be used here along with other CLI/SDK commands but is there any other way? • Any roles/credentials that have not been used in last x days • Any roles that are not assigned to any users • Any roles that are similar to other roles to avoid duplicates ◦ is this even possible
b
What is lacking from the AWS CLI (besides identifying roles that are similar to other roles)?
a
Basically multiple commands to get to the final output.. I assume these are common questions people might have so wondering is there an easier way to find that info..
Here is the security best practices in IAM as per AWS… How do people know they comply with it without writing a bunch of commands themselves.. specially for below:
Copy code
Regularly review and remove unused users, roles, permissions, policies, and credentials
e
You may want to look at steampipe (https://steampipe.io). You can treat resource types as SQL tables and perform regular SQL queries to get data, also combine data from different sources. You can also make dashboards to show various results.
a
Thanks for sharing it, Erik. It looks interesting. I will try it out.
a
Steampipe and sql is the best option