Review Findings

Overview

The following section goes over reviewing IAM Access Analyzer Findings

Open the IAM console and navigate to Access Analyzer.
View findings filtered by status:
- Active: Unaddressed findings that need review.
- Archived: Findings marked as expected or approved.
- Resolved: Findings where access has been removed.
- All: Displays all findings regardless of status.

Resolved findings are deleted 90 days after the last update.

External access findings display details about shared resources and the policy granting external access. Key information includes:

Finding ID: Unique identifier with additional resource details.
Resource: The resource with an external access policy.
External Principal: The external entity with access (e.g., AWS account, IAM role, or user).
Condition: Conditions from the policy (e.g., access limited to a VPC).
Shared Through: The mechanism granting access (e.g., bucket policy, ACL, or access point).
Access Level: Access types (e.g., List, Read, Write, Permissions, Tagging).
Updated: Timestamp of the latest finding update or creation.
Status: Active, Archived, or Resolved.

Findings are generated based on policy changes, with updates taking up to 30 minutes to reflect.

Unused access findings help identify inactive IAM roles, permissions, keys, or passwords. Key information includes:

Finding ID: Identifier with details about the IAM entity.
Finding Type: Unused access key, password, permission, or role.
IAM Entity: The affected IAM user or role.
AWS Account ID: (For organization analyzers) The account owning the IAM entity.
Last Updated: Timestamp of the latest update or when the entity was created.
Status: Active, Archived, or Resolved.

Archiving Findings: Marks approved access as expected, moving it from active to archived. Archived findings are not deleted and remain available for review.
Resolving Findings: Happens when access is removed. Resolved findings are deleted after 90 days.

Last updated 9 months ago