I look at the IAM Access Advisor and see that the user has accessed services that they have never accessed.
So I say to myself, huh? Ok, let’s see what he accessed. Maybe it was just looking at a console page that was somehow querying this service with read-only access.
So I click on Management Actions Allowed for Amazon RDS. Nothing.
I can’t click on Redshift at all – I hope that happens soon. #awswishlist
Lambda – list functions? Maybe I clicked on it by mistake?
Systems Manager: Nothing.
Looks like there’s a problem here. I want to create a policy with the necessary permissions based on this list, but this user has absolutely not used some of the services listed here. I love this feature and hope AWS continues to work on improving it so that it is 100% accurate and works for all services soon.
Hopefully this will be fixed soon and perhaps a distinction can be made between console and non-console access. #awswishlist
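One way to keep service-level and action-level evidence apart when drafting a policy from this data, as an added example that is not from the original post: it reads a report in the shape returned by IAM's `GetServiceLastAccessedDetails` with action-level granularity and puts only services with a recorded action into the draft. The report contents, the function names and the `"Resource": "*"` placeholder are constructed assumptions.

```python
import json
from datetime import datetime, timezone

SEEN = datetime(2023, 3, 1, tzinfo=timezone.utc)  # constructed timestamp

# Constructed sample, shaped like a GetServiceLastAccessedDetails response
# for a report generated with Granularity=ACTION_LEVEL.
SAMPLE_REPORT = {"JobStatus": "COMPLETED", "ServicesLastAccessed": [
    {"ServiceName": "AWS Lambda", "ServiceNamespace": "lambda",
     "LastAuthenticated": SEEN,
     "TrackedActionsLastAccessed": [
         {"ActionName": "ListFunctions", "LastAccessedTime": SEEN},
         {"ActionName": "CreateFunction"}]},          # tracked, never used
    {"ServiceName": "Amazon RDS", "ServiceNamespace": "rds",
     "LastAuthenticated": SEEN,                       # service-level hit only
     "TrackedActionsLastAccessed": [{"ActionName": "DescribeDBInstances"}]},
    {"ServiceName": "Amazon Redshift", "ServiceNamespace": "redshift",
     "LastAuthenticated": SEEN},                      # no action-level data
    {"ServiceName": "Amazon S3", "ServiceNamespace": "s3"},  # never accessed
]}

def classify(report):
    """Split services into (action evidence, needs review, unused)."""
    evidence, review, unused = {}, [], []
    for svc in report["ServicesLastAccessed"]:
        ns = svc["ServiceNamespace"]
        if "LastAuthenticated" not in svc:
            unused.append(ns)
            continue
        used = sorted(a["ActionName"]
                      for a in svc.get("TrackedActionsLastAccessed", [])
                      if "LastAccessedTime" in a)
        if used:
            evidence[ns] = used
        else:
            review.append(ns)  # reported as accessed, no action to back it up
    return evidence, sorted(review), sorted(unused)

def draft_policy(evidence):
    """Build a draft policy from action-level evidence only."""
    actions = [f"{ns}:{a}" for ns in sorted(evidence) for a in evidence[ns]]
    if not actions:
        raise ValueError("no action-level evidence to build a policy from")
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": "*"}]}

if __name__ == "__main__":
    evidence, review, unused = classify(SAMPLE_REPORT)
    print(json.dumps(draft_policy(evidence), indent=2))
    print("verify before granting:", review, "| unused:", unused)
```

Services in the review list are the ones to check against CloudTrail before deciding whether they belong in the policy at all.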
Teri Radichel | © 2nd sight laboratory 2023