Phone Get Quote
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: + 1 408 454 4213


AWS IAM activity reporting

AWS Identity and Access Management (IAM) helps securely control access to AWS resources. Administrators use IAM to create AWS users and groups and manage their access to resources in AWS.

Maintaining a secure AWS environment requires keeping a close eye on IAM activity. Vigilance helps prevent security disasters, like the unauthorized or accidental creation of a privileged user with complete access to AWS resources.

Cloud Security Plus's reports provide an overview of IAM activity, ensuring that no IAM activities go unnoticed. These reports cover actions involving IAM users, groups, roles, MFA devices, and access keys.

IAM activity reports display:

  • When an event occurred
  • Which user was responsible for an event
  • The source IP address of the request
  • The AWS region in which the event took place
  • Request parameters

List of IAM activity reports

  • IAM credential report: Lists all the users and the status of their various credentials, including passwords, access keys, server certificates and MFA devices.
  • IAM group reports: Lists the groups that have recently been created, deleted, or updated (e.g. user is added to a group)
  • IAM user reports: Lists the users and groups that have recently been created, deleted, or updated (e.g. user is added to a group or attached to a policy).
  • IAM role reports: Lists the creation and deletion of IAM roles.
  • IAM Policy report: Lists the newly created, deleted, edited and all other changes made to the policy.
  • IAM errors report: Displays unsuccessful IAM events, with details on the error code, type of error, and error message.
  • IAM user activity report: Records every action performed by an IAM user.
  • Unauthorized IAM activity report: Lists all IAM activity with the "Access Denied" HTTP error code.
  • IAM credential report
    Users recently added to groups report
    IAM errors report
  • MFA device reports: Lists MFA devices that were recently enabled or deactivated.
  • Access key reports: Shows access keys that have been recently created, deleted, or updated. Includes the access key ID, who generated the access key, and when it was generated.

Are you looking for a unified SIEM solution that can help you control access to AWS resources? Try Log360 today!

  Free 30-day trial  Request demo
© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.