Review Findings

Overview

This section covers how to review IAM Access Analyzer findings.

Access the Findings Dashboard

  • Open the IAM console and navigate to Access Analyzer.

  • View findings filtered by status:

    • Active: Unaddressed findings that need review.

    • Archived: Findings marked as expected or approved.

    • Resolved: Findings where access has been removed.

    • All: Displays all findings regardless of status.

External Access Findings

External access findings display details about shared resources and the policy granting external access. Key information includes:

  • Finding ID: Unique identifier with additional resource details.

  • Resource: The resource with an external access policy.

  • External Principal: The external entity with access (e.g., AWS account, IAM role, or user).

  • Condition: Conditions from the policy (e.g., access limited to a VPC).

  • Shared Through: The mechanism granting access (e.g., bucket policy, ACL, or access point).

  • Access Level: Access types (e.g., List, Read, Write, Permissions, Tagging).

  • Updated: Timestamp of the latest finding update or creation.

  • Status: Active, Archived, or Resolved.

Unused Access Findings

Unused access findings help identify inactive IAM roles, permissions, keys, or passwords. Key information includes:

  • Finding ID: Identifier with details about the IAM entity.

  • Finding Type: Unused access key, password, permission, or role.

  • IAM Entity: The affected IAM user or role.

  • AWS Account ID: (For organization analyzers) The account owning the IAM entity.

  • Last Updated: Timestamp of the latest update or when the entity was created.

  • Status: Active, Archived, or Resolved.

Managing Findings

  • Archiving Findings: Marks approved access as expected, moving it from active to archived. Archived findings are not deleted and remain available for review.

  • Resolving Findings: Happens when access is removed. Resolved findings are deleted after 90 days.
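As an added example (not part of the original page), the following Python script triages external access findings the way the sections above describe: it pages through the ListFindings API for one status, then splits the Active findings into those that need review and those that are candidates for archiving. The finding dicts mirror the shape of the boto3 `accessanalyzer` ListFindings response; the verb-prefix to access-level mapping, the approved-principal list and the sample findings are constructed assumptions, not AWS definitions.

```python
from typing import List

# Heuristic verb-prefix -> access level mapping (an assumption, not an AWS definition).
# Order matters: the more specific "permissions" prefixes are checked before "write".
_LEVELS = {
    "permissions": ("PutBucketPolicy", "PutBucketAcl", "PutObjectAcl", "PutKeyPolicy"),
    "tagging": ("Tag", "Untag"),
    "write": ("Put", "Delete", "Create", "Update", "Write", "Send", "Invoke"),
    "list": ("List",),
    "read": ("Get", "Describe", "Read", "Receive"),
}

def access_level(action: str) -> str:
    """Classify one IAM action such as 's3:GetObject' into a coarse access level."""
    verb = action.split(":", 1)[-1]
    for level, prefixes in _LEVELS.items():
        if verb.startswith(prefixes):
            return level
    return "unknown"

def triage(findings, approved):
    """Split ACTIVE external-access findings into (needs_review, archive_candidates).
    A finding is an archive candidate only when it is not public and its external
    principal is on the approved list; everything else needs a human look."""
    review, archive = [], []
    for f in findings:
        if f.get("status") != "ACTIVE":
            continue  # archived/resolved findings need no action here
        principal = f.get("principal", {}).get("AWS", "*")
        item = {"id": f["id"], "resource": f["resource"], "principal": principal,
                "public": bool(f.get("isPublic")),
                "levels": sorted({access_level(a) for a in f.get("action", [])})}
        (archive if principal in approved and not item["public"] else review).append(item)
    return review, archive

def fetch_findings(client, analyzer_arn: str, status: str = "ACTIVE") -> List[dict]:
    """Page through boto3 accessanalyzer.list_findings for one status value."""
    findings, token = [], None
    while True:
        kwargs = {"analyzerArn": analyzer_arn, "filter": {"status": {"eq": [status]}}}
        if token:
            kwargs["nextToken"] = token
        page = client.list_findings(**kwargs)
        findings.extend(page.get("findings", []))
        token = page.get("nextToken")
        if not token:
            return findings

# Constructed sample findings shaped like the ListFindings response (not real data).
SAMPLE = [
    {"id": "f-1", "status": "ACTIVE", "resource": "arn:aws:s3:::public-bucket",
     "principal": {"AWS": "*"}, "isPublic": True, "action": ["s3:GetObject", "s3:ListBucket"]},
    {"id": "f-2", "status": "ACTIVE", "resource": "arn:aws:s3:::partner-bucket",
     "principal": {"AWS": "111111111111"}, "isPublic": False, "action": ["s3:GetObject"]},
    {"id": "f-3", "status": "ACTIVE", "resource": "arn:aws:iam::222222222222:role/Cross",
     "principal": {"AWS": "333333333333"}, "isPublic": False, "action": ["sts:AssumeRole"]},
    {"id": "f-4", "status": "RESOLVED", "resource": "arn:aws:sqs:us-east-1:222222222222:q1",
     "principal": {"AWS": "111111111111"}, "isPublic": False, "action": ["sqs:SendMessage"]},
]
```

With a real `boto3.client("accessanalyzer")` and your analyzer ARN, pass the result of `fetch_findings` to `triage`; the archive candidates' ids are what you would hand to `update_findings(analyzerArn=..., status="ARCHIVED", ids=[...])` after confirming them.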
