Viewing the IAM Access Analyzer findings dashboard - AWS Identity and Access Management

Viewing the IAM Access Analyzer findings dashboard

AWS Identity and Access Management Access Analyzer organizes external access and unused access findings into a visual summary dashboard. The dashboard helps you gain visibility into the effective use of permissions at scale and identify accounts that need attention. You can use the dashboard to review findings by AWS organization, account, and finding type.

To view the summary dashboard for external access analyzers
Note

After you create or update an analyzer, it can take time for the summary dashboard to reflect updates to findings.

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Access analyzer. The Summary window is displayed.

  3. Choose an analyzer from the External access analyzer dropdown. A summary of the findings for the analyzer is displayed in the External access findings section.


    External access analyzer dashboard.

In the preceding image, the external access findings dashboard is visible from within the Summary page:

  1. The Active findings section includes the number of active findings for public access and the number of active findings that provide access outside of the account or organization. Choose a number to list all of the active findings of each type.

  2. The Findings overview section includes a breakdown of the type of active findings. Choose View all active findings for a complete list of active findings for the analyzer's account or organization.

  3. The Primary resource types with active findings section includes a breakdown of the primary resource types with active findings. This information helps you prioritize findings for the primary resources first. For example, Amazon S3, DynamoDB, and AWS KMS. This is not an exhaustive list of every resource type. Your analyzer might have active findings for resource types not listed in this section.

To view the summary dashboard for unused access analyzers

IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details about pricing, see IAM Access Analyzer pricing.

Note

After you create or update an analyzer, based on the amount of users and roles, it can take time for the summary dashboard to reflect updates to findings.

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Access analyzer. The Summary window is displayed.

  3. Choose an analyzer from the Unused access analyzer dropdown. A summary of the findings for the analyzer is displayed in the Unused access findings section.


    Unused access analyzer dashboard.

In the preceding image, the external access findings dashboard is visible from within the Summary page:

  1. The Active findings section includes the number of active findings for unused roles, unused credentials, and unused permissions in your account or organization. Unused credentials include both unused access key and unused password findings. Unused permissions include both users and roles with unused permissions. Choose a number to list all of the active findings of each type.

  2. The Findings overview section includes a breakdown of the type of active findings. Choose View all active findings for a complete list of active findings for the analyzer's account or organization.

  3. The Finding status section includes a breakdown of the status of findings (Active, Archived, and Resolved) for your account or organization.

  4. The Accounts with the most findings for unused access section is only displayed if the selected accounts of your unused access analyzer is at the organization level. It includes a breakdown of the accounts in your organization with the most active findings. This is not an exhaustive list of every account in your organization. Your analyzer might have active findings for other accounts not listed in this section.