Slide 36
Investigation
● Use Trusted Advisor and check the IAM credential report.
● Use IAM tools such as the IAM policy simulator or the IAM console to help you review.
● Use AWS Config rules.
○ IAM_POLICY_IN_USE: Config rule that checks whether the IAM policy ARN is attached to an IAM user,
● Access Advisor: use last accessed information.
● Use CloudTrail for logging.
● Monitor (CloudWatch alarms).
○ Root logins, IAM policy changes, unauthorized API calls, CloudTrail configuration changes, authentication failures
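
The five event types in the Monitor bullet can be told apart by a few CloudTrail record fields. The following is an added example, not part of the original slides: it sorts constructed sample records into those categories. The category labels, the `classify` and `triage` helpers and the selection of IAM policy API names are assumptions of this example.

```python
import json

# API names as recorded in CloudTrail "eventName"; category labels below are this example's own.
IAM_POLICY_CHANGES = {
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "AttachUserPolicy", "DetachUserPolicy", "AttachGroupPolicy", "DetachGroupPolicy",
    "AttachRolePolicy", "DetachRolePolicy", "PutUserPolicy", "DeleteUserPolicy",
    "PutGroupPolicy", "DeleteGroupPolicy", "PutRolePolicy", "DeleteRolePolicy",
}
TRAIL_CHANGES = {"CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging"}

def classify(record):
    """Return the monitored categories one CloudTrail record falls into."""
    hits = set()
    name, source = record.get("eventName"), record.get("eventSource")
    error = record.get("errorCode") or ""
    if name == "ConsoleLogin":
        if (record.get("userIdentity") or {}).get("type") == "Root":
            hits.add("root_login")
        if (record.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            hits.add("authentication_failure")
    if source == "iam.amazonaws.com" and name in IAM_POLICY_CHANGES:
        hits.add("iam_policy_change")
    if source == "cloudtrail.amazonaws.com" and name in TRAIL_CHANGES:
        hits.add("cloudtrail_config_change")
    if error.startswith("AccessDenied") or error.endswith("UnauthorizedOperation"):
        hits.add("unauthorized_api_call")
    return hits

def triage(lines):
    """Map each category to matching eventIDs, skipping lines that are not JSON objects."""
    found = {}
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(record, dict):
            continue
        for category in classify(record):
            found.setdefault(category, []).append(record.get("eventID"))
    return found

SAMPLE = [  # constructed records, not real log data
    '{"eventID":"e1","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"Root"},"responseElements":{"ConsoleLogin":"Success"}}',
    '{"eventID":"e2","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser"},"responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventID":"e3","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser"}}',
    '{"eventID":"e4","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser"}}',
    '{"eventID":"e5","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","errorCode":"Client.UnauthorizedOperation","userIdentity":{"type":"IAMUser"}}',
    '{"eventID":"e6","eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"type":"IAMUser"}}',
    '{"eventID":"e7","eventSource":"iam.amazonaws.com","eventName":"PutRolePolicy","errorCode":"AccessDenied","userIdentity":{"type":"AssumedRole"}}',
]
```

Calling `triage(SAMPLE)` returns the matching event IDs per category; a denied policy change such as `e7` is reported under both the policy-change and the unauthorized-call categories.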