Viewing the IAM Access Analyzer findings dashboard
Amazon Identity and Access Management Access Analyzer organizes external access and unused access findings into a visual summary dashboard. The dashboard helps you gain visibility into the effective use of permissions at scale and identify accounts that need attention. You can use the dashboard to review findings by Amazon organization, account, and finding type.
To view the summary dashboard for external access analyzers
Note
After you create or update an analyzer, it can take time for the summary dashboard to reflect updates to findings.
Open the IAM console at https://console.amazonaws.cn/iam/
. -
Choose Access analyzer. The Summary window is displayed.
-
Choose an analyzer from the External access analyzer dropdown. A summary of the findings for the analyzer is displayed in the External access findings section.
In the preceding image, the external access findings dashboard is visible from within the Summary page:
-
The Active findings section includes the number of active findings for public access and the number of active findings that provide access outside of the account or organization. Choose a number to list all of the active findings of each type.
-
The Findings overview section includes a breakdown of the type of active findings. Choose View all active findings for a complete list of active findings for the analyzer's account or organization.
-
The Primary resource types with active findings section includes a breakdown of the primary resource types with active findings. This information helps you prioritize findings for the primary resources first. For example, Amazon S3, DynamoDB, and Amazon KMS. This is not an exhaustive list of every resource type. Your analyzer might have active findings for resource types not listed in this section.
To view the summary dashboard for unused access analyzers
IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and
users analyzed per month. For more details about pricing, see IAM Access Analyzer pricing
Note
After you create or update an analyzer, based on the amount of users and roles, it can take time for the summary dashboard to reflect updates to findings.
Open the IAM console at https://console.amazonaws.cn/iam/
. -
Choose Access analyzer. The Summary window is displayed.
-
Choose an analyzer from the Unused access analyzer dropdown. A summary of the findings for the analyzer is displayed in the Unused access findings section.
In the preceding image, the external access findings dashboard is visible from within the Summary page:
-
The Active findings section includes the number of active findings for unused roles, unused credentials, and unused permissions in your account or organization. Unused credentials include both unused access key and unused password findings. Unused permissions include both users and roles with unused permissions. Choose a number to list all of the active findings of each type.
-
The Findings overview section includes a breakdown of the type of active findings. Choose View all active findings for a complete list of active findings for the analyzer's account or organization.
-
The Finding status section includes a breakdown of the status of findings (Active, Archived, and Resolved) for your account or organization.
-
The Accounts with the most findings for unused access section is only displayed if the selected accounts of your unused access analyzer is at the organization level. It includes a breakdown of the accounts in your organization with the most active findings. This is not an exhaustive list of every account in your organization. Your analyzer might have active findings for other accounts not listed in this section.