AWS Identity and Access Management (IAM)

Version: AWS LogForwarder v1.0.10 or later.

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS resources. It lets you manage authentication for users and limit which people and systems can use which AWS resources. With IAM policies, administrators grant the workforce and workloads only the permissions they need, enforcing least privilege.

Netsurion monitors events from AWS IAM by parsing the AWS CloudTrail logs and the triggers from Amazon EventBridge. Dashboards and reports in Netsurion track the actions performed against the Amazon IAM service to keep you informed about its activity, and alerts are triggered whenever an action that is critical to the service is carried out.

For a new instance, integrate the AWS instance with Netsurion using the Netsurion integrator Lambda function, which in turn delivers logs from AWS to Netsurion. For an already-integrated AWS instance, make sure to update to AWS LogForwarder v1.0.1 or later.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS IAM - Add policy and roles | This alert is triggered when the creation of a new policy or role is detected in the Identity and Access Management (IAM) service. |
| Security | AWS IAM - Create new user and group | This alert is triggered when an attempt is made to create a new user or a new group in the Identity and Access Management (IAM) console. |
| Security | AWS IAM - Delete group and user | This alert is triggered when an attempt is made to delete or remove a user or group from the IAM console. |
| Security | AWS IAM - Delete policy and role | This alert is triggered when AWS service policies or roles have been deleted by a user from the Identity and Access Management (IAM) console. |
| Security | AWS IAM - Create and delete access key | This alert is triggered when credentials (access keys) have been created or deleted by a user in the Identity and Access Management (IAM) console. |
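
The alerts above are driven by IAM API calls recorded in CloudTrail. The following is an added example, not Netsurion's own parser, that maps the CloudTrail eventName of each record to the alert names in the table over a few constructed records; the assumption that each alert keys on exactly these IAM API actions is the example's own.

```python
import json

# CloudTrail eventName values (real IAM API action names) mapped to the alert names
# in the table above. Which actions each Netsurion alert keys on is assumed here.
ALERT_FOR_EVENT = {
    "CreatePolicy": "AWS IAM - Add policy and roles",
    "CreateRole": "AWS IAM - Add policy and roles",
    "CreateUser": "AWS IAM - Create new user and group",
    "CreateGroup": "AWS IAM - Create new user and group",
    "DeleteUser": "AWS IAM - Delete group and user",
    "DeleteGroup": "AWS IAM - Delete group and user",
    "DeletePolicy": "AWS IAM - Delete policy and role",
    "DeleteRole": "AWS IAM - Delete policy and role",
    "CreateAccessKey": "AWS IAM - Create and delete access key",
    "DeleteAccessKey": "AWS IAM - Create and delete access key",
}

def classify_record(record):
    """Map one CloudTrail record to an alert, or None if it is not of interest.
    Failed attempts (errorCode present) are still reported, with the error visible."""
    if record.get("eventSource") != "iam.amazonaws.com":
        return None                      # not an IAM API call at all
    alert = ALERT_FOR_EVENT.get(record.get("eventName"))
    if alert is None:
        return None                      # e.g. read-only calls such as ListUsers
    return {
        "alert": alert,
        "event": record["eventName"],
        "actor": record.get("userIdentity", {}).get("arn", "unknown"),
        "outcome": record.get("errorCode", "Success"),
    }

def classify_trail(payload):
    """Parse a CloudTrail log file body ({"Records": [...]}) and list triggered alerts."""
    records = json.loads(payload).get("Records", [])
    return [hit for hit in map(classify_record, records) if hit is not None]

# Constructed sample records (account id, ARNs and times are made up) in CloudTrail's format.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-05T10:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/admin"}, "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-01-05T10:00:07Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/admin"}, "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-01-05T10:02:00Z", "eventSource": "iam.amazonaws.com", "eventName": "DeleteRole",
     "errorCode": "AccessDenied", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"}},
    {"eventTime": "2024-01-05T10:03:00Z", "eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"}},
]})

if __name__ == "__main__":
    for hit in classify_trail(SAMPLE_TRAIL):
        print(hit)
```

A user being created and immediately given an access key by the same actor, as in the sample, is the kind of sequence these two alerts together surface for review.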

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS IAM - Activity Overview | This report contains relevant information related to all activities in AWS IAM. |

Documentation

The configuration details are consistent with Netsurion version 9.3 or later, and AWS LogForwarder v1.0.10 or later.

Download the Integration Guide and the How-to Guide for more information and configuration instructions.