Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: + 1 408 454 4213

 
 
 
 

AWS IAM activity reporting

AWS Identity and Access Management (IAM) helps securely control access to AWS resources. Administrators use IAM to create AWS users and groups and manage their access to resources in AWS.

Maintaining a secure AWS environment requires keeping a close eye on IAM activity. Vigilance helps prevent security disasters, like the unauthorized or accidental creation of a privileged user with complete access to AWS resources.

Cloud Security Plus's reports provide an overview of IAM activity, ensuring that no IAM activities go unnoticed. These reports cover actions involving IAM users, groups, roles, MFA devices, and access keys.

IAM activity reports display:

  • When an event occurred
  • Which user was responsible for an event
  • The source IP address of the request
  • The AWS region in which the event took place
  • Request parameters

List of IAM activity reports

    IAM credential report

  • IAM credential report: Lists all the users and the status of their various credentials, including passwords, access keys, server certificates and MFA devices.
  • IAM group and user reports: Lists the users and groups that have recently been created, deleted, or updated (e.g. user is added to a group or attached to a policy).
  • IAM role reports: Lists the creation and deletion of IAM roles.
  • Users recently added to groups report

  • Users recently added to groups report: Shows which users have recently been added to which groups and by whom.
  • IAM errors report

  • IAM errors report: Displays unsuccessful IAM events, with details on the error code, type of error, and error message.
  • IAM user activity report: Records every action performed by an IAM user.
  • unauthorized-iam-activity-thumb

  • Unauthorized IAM activity report: Lists all IAM activity with the "Access Denied" HTTP error code.
  • Password changes report: Tracks which passwords were changed recently.
  • Virtual MFA device reports: Records all virtual MFA devices that were recently created or deleted.
  • MFA device reports: Lists MFA devices that were recently enabled or deactivated.
  • Access key reports: Shows access keys that have been recently created, deleted, or updated. Includes the access key ID, who generated the access key, and when it was generated.
Live Chat with our Experts