Question

When investigating an identity in the identities dossier, how can I determine what AWS IAM policy a specific permission is a part of in AWS?

  • 1 March 2024
  • 0 replies
  • 91 views


When reviewing an identity in the identity explorer, it is possible to export all entitlements tied to the identity being reviewed. From this export, additional fields can be seen, one of which is the policy that each action is a part of, along with the role/user it is attached to.

To export an entitlements list as a CSV follow the below steps:

  1. Navigate to Identities > Explore: Identities, select the identity that you want to investigate.
  2. Select the Entitlements tab to display all the entitlements that identity has and select the service you want to export.
  3. Once the service is selected, click the download icon to download the CSV export, which includes the policy name in column F.

Example CSV Output (header row followed by one data row; the policy name is the sixth field, column F):

Principal ID,Account ID,Account Alias,Service name,Resource,Policy name,Updated time,Actions,Used,Last Used,Revoked,Condition
arn:aws:iam::XXXXXXXXXXXX:root,XXXXXXXXXXXX,,ebs,*,policy/test_policy,,"{""ebs:*"":true}",0:UNUSED,0,1:UNKNOWN,[]

Additionally, if you need to identify the full ARN for the specific AWS IAM policy name in the CSV, use the following AWS CLI command to convert the policy name to an ARN.

aws iam list-policies --query 'Policies[?PolicyName==`<Your-Policy-Name>`].Arn' --output text

 

  • Agent: N/A
  • Platform: Using Lacework/Operationalizing
  • Cloud: AWS
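The following is an added example, not code from the original post or from Lacework: it reads an entitlements export with the column layout shown above, collects the unique values of the "Policy name" column, and builds the `aws iam list-policies` lookup from the post for each one. Two things are assumptions rather than facts from the page: that the `policy/` prefix in that column is the ARN resource path (so the bare `PolicyName` the CLI query needs is the part after the last `/`), and the extra rows in the constructed sample export.

```python
"""Resolve policy names from an entitlements CSV export to IAM policy ARNs.

Added example, not part of the original post. Assumes the export uses the
column headers shown in the post ("Policy name" in column F) and that the
"policy/" prefix in that column is the ARN resource path, so the bare
PolicyName is the text after the last '/'. Both are assumptions.
"""
import csv
import io
import json
import shlex
import subprocess
from typing import List

# Constructed sample export in the layout shown in the post (account id masked
# as on the page; the second and third rows are made up for illustration).
SAMPLE_CSV = """Principal ID,Account ID,Account Alias,Service name,Resource,Policy name,Updated time,Actions,Used,Last Used,Revoked,Condition
arn:aws:iam::XXXXXXXXXXXX:root,XXXXXXXXXXXX,,ebs,*,policy/test_policy,,"{""ebs:*"":true}",0:UNUSED,0,1:UNKNOWN,[]
arn:aws:iam::XXXXXXXXXXXX:role/app,XXXXXXXXXXXX,,s3,*,policy/s3-reader,,"{""s3:GetObject"":true}",1:USED,1700000000,0:NOT_REVOKED,[]
arn:aws:iam::XXXXXXXXXXXX:role/app,XXXXXXXXXXXX,,ec2,*,policy/test_policy,,"{""ec2:DescribeInstances"":true}",0:UNUSED,0,1:UNKNOWN,[]
"""


def bare_policy_name(field: str) -> str:
    """'policy/test_policy' -> 'test_policy' (assumed: the prefix is the ARN path)."""
    return field.strip().rsplit("/", 1)[-1]


def policy_names(csv_text: str) -> List[str]:
    """Unique bare policy names from the 'Policy name' column, in first-seen order."""
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = bare_policy_name(row.get("Policy name", ""))
        if name:
            seen.setdefault(name, None)
    return list(seen)


def list_policies_command(name: str, scope: str = "Local") -> List[str]:
    """Build the list-policies call from the post as an argv list.

    --scope Local limits the search to customer-managed policies so that an
    AWS-managed policy with the same name is not returned alongside it.
    """
    query = f"Policies[?PolicyName==`{name}`].Arn"
    return ["aws", "iam", "list-policies", "--scope", scope,
            "--query", query, "--output", "json"]


def resolve_arns(name: str) -> List[str]:
    """Run the CLI (needs network access and AWS credentials).

    Returns every ARN whose PolicyName matches. An empty list means no managed
    policy of that name exists in the account (inline policies are never listed
    by list-policies); more than one ARN means the name is ambiguous.
    """
    result = subprocess.run(list_policies_command(name), check=True,
                            capture_output=True, text=True)
    return json.loads(result.stdout or "[]")


if __name__ == "__main__":
    # Offline: print the exact command to run for each policy name in the export.
    for policy in policy_names(SAMPLE_CSV):
        print(policy, "->", " ".join(shlex.quote(arg) for arg in list_policies_command(policy)))
```

Running the file prints one ready-to-paste command per unique policy name; `resolve_arns` executes it and returns the ARNs when credentials are available. Note that `list-policies` only covers managed policies: a policy attached inline to a role or user has no ARN of its own and has to be read with `get-role-policy` or `get-user-policy` instead.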
