devops-exercises

AWS IAM - Access Advisor

Objectives

Go to the Access Advisor and answer the following questions regarding one of the users:

  1. Are there services this user never accessed?
  2. What was the last service the user has accessed?
  3. What the Access Advisor is used/good for?

Solution

  1. Go to AWS IAM service and click on “Users” under “Access Management”
  2. Click on one of the users
  3. Click on the “Access Advisor” tab
  4. Check which service was last accessed and which was never accessed

Access Advisor can be good to evaluate whether there are services the user is not accessing (as in never or not frequently). This can be help in deciding whether some permissions should be revoked or modified.