Check your AWS IAM policy limit in a group regularly


Identity & Access Management (IAM) is the access control service that almost every AWS user relies on to keep their account secure. Users should also be aware of the quotas that apply to IAM groups, so that they keep effective control over who can access their AWS resources.

Do you know how many policies you can attach to an AWS IAM group?

You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, and roles) or to resources. A policy is an object in AWS that defines permissions once it is associated with an identity or resource. AWS evaluates these policies whenever a request is made by an IAM principal, and the permissions in the policies determine whether the request is allowed or denied.

AWS imposes a quota on the number of managed policies that can be attached to any single IAM group (10 by default, adjustable to 20 through Service Quotas). It is therefore important to know how much of this quota each group has already consumed and how much is still available for use.

Centilytics helps IAM users stay aware of this quota by notifying them of the consumed and remaining number of policies they can attach to a group.

Insight descriptions:

There are 3 possible scenarios:

Severity    Description
CRITICAL    Displayed when the group has reached 100% of the specified limit of the corresponding resource.
WARNING     Displayed when the group has reached 80% or more (but less than 100%) of the specified limit of the corresponding resource.
OK          Displayed when the group is using less than 80% of the specified limit of the corresponding resource.
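The following script is an added example and is not part of the Centilytics product or the original page. It shows how a practitioner can reproduce the check locally: it reads the per-group quota from the account summary (the `AttachedPoliciesPerGroupQuota` key returned by `iam:GetAccountSummary`), counts the managed policies attached to every group with `iam:ListGroups` and `iam:ListAttachedGroupPolicies`, and buckets each group into the OK / WARNING / CRITICAL severities defined in the table above using the 80% and 100% thresholds. The group names and attachment counts in `SAMPLE_USAGE` are constructed test data, not real account data; the live path assumes the `boto3` library and valid AWS credentials. Note that this quota counts only attached managed policies; inline policies are limited separately by their aggregate size, not by number.

```python
"""Audit managed-policy attachments per IAM group against the account quota
and classify each group as OK, WARNING or CRITICAL (80% / 100% thresholds)."""

from typing import Dict, List, Tuple

WARNING_THRESHOLD = 0.80   # WARNING once usage reaches 80% of the quota
CRITICAL_THRESHOLD = 1.00  # CRITICAL once usage reaches 100% of the quota


def classify(current: int, limit: int) -> str:
    """Return the severity for `current` attached policies against `limit`."""
    if limit <= 0:
        raise ValueError("limit must be a positive quota value")
    ratio = current / limit
    if ratio >= CRITICAL_THRESHOLD:
        return "CRITICAL"
    if ratio >= WARNING_THRESHOLD:
        return "WARNING"
    return "OK"


def audit_groups(usage: Dict[str, int], limit: int) -> List[Tuple[str, int, int, str]]:
    """Build one (identifier, current usage, limit, severity) row per group.

    Rows are ordered worst first: CRITICAL, then WARNING, then OK, and within a
    severity by descending usage so the most crowded groups surface at the top.
    """
    rows = [(name, count, limit, classify(count, limit)) for name, count in usage.items()]
    order = {"CRITICAL": 0, "WARNING": 1, "OK": 2}
    rows.sort(key=lambda r: (order[r[3]], -r[1], r[0]))
    return rows


def fetch_group_policy_usage(iam) -> Tuple[int, Dict[str, int]]:
    """Live inventory through a boto3 IAM client (assumed to be installed and
    configured). Requires iam:GetAccountSummary, iam:ListGroups and
    iam:ListAttachedGroupPolicies. Returns (quota, {group_name: attached_count})."""
    summary = iam.get_account_summary()["SummaryMap"]
    quota = int(summary["AttachedPoliciesPerGroupQuota"])
    usage: Dict[str, int] = {}
    for page in iam.get_paginator("list_groups").paginate():
        for group in page["Groups"]:
            name = group["GroupName"]
            count = 0
            # The attached-policy listing is itself paginated; sum every page.
            for sub in iam.get_paginator("list_attached_group_policies").paginate(GroupName=name):
                count += len(sub["AttachedPolicies"])
            usage[name] = count
    return quota, usage


# Constructed sample inventory (hypothetical group names and counts, not real data).
SAMPLE_QUOTA = 10
SAMPLE_USAGE = {"developers": 10, "ops": 8, "auditors": 3, "readonly": 0}


if __name__ == "__main__":
    import sys

    if "--live" in sys.argv:
        import boto3  # assumed dependency for the live path only

        quota, usage = fetch_group_policy_usage(boto3.client("iam"))
    else:
        quota, usage = SAMPLE_QUOTA, SAMPLE_USAGE

    for name, used, limit, severity in audit_groups(usage, quota):
        print(f"{severity:8} {name:24} {used}/{limit}")
```

Run it without arguments to see the classification over the constructed sample (the `developers` group at 10/10 is CRITICAL, `ops` at 8/10 is WARNING); run it with `--live` against an account whose credentials are configured to audit real groups. Reading the quota from the account summary rather than hard-coding 10 matters because the value changes once a quota increase has been granted.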


The further columns are described as follows:

  1. Account Id: This column shows the account ID of the user's AWS account.
  2. Account Name: This column shows the account name corresponding to the user's account.
  3. Limit Amount: This column shows the limit of the resource. Here, the limit refers to the number of policies that can be attached to a single IAM group.
  4. Current usage: This column shows the current usage level of the corresponding resource, i.e. the number of policies already attached.
  5. Service: This column shows the type of service limit.
  6. Identifier: This column shows the name of the IAM policy.

Compliances covered:

Compliance Name: Trusted Advisor
Reference No.: (not given)
Link: https://console.aws.amazon.com/trustedadvisor/home?#/category/service-limits


Filters applicable:

Filter Name    Description
Account Id     Applying the Account Id filter displays all the resources for the selected account ID.
Severity       Applying the Severity filter displays the resources of the selected severity type, e.g. selecting Critical displays all resources with Critical severity. The same applies to the Warning and OK severity types.
