3.AWS_IAMScan Job

The 3.AWS_IAMScan job collects details about users, groups, policies, roles, and other IAM related identities.

Queries for the 3.AWS_IAMScan Job

The IAM Scan query uses the AWS Data Collector to target all AWS instances and has been preconfigured to use the Collect IAM Data category.

The 3.AWS_IAMScan job has the following configurable query:

• IAM Scan – Scans AWS S3 for information on IAM related identities

Configure the IAM Scan Query

The IAM Scan query in the 3.AWS_IAMScan job has been preconfigured to run with the default settings with the category of Collect IAM Data. Follow the steps to set any desired customizations.

Step 1 – Navigate to the AWS > 0.Collection > 3.AWS_IAMScan > Configure node and select the Queries node.

Step 2 – In the Query Selection view, click Query Properties. The Query Properties window opens.

Step 3 – Select the Data Source tab, and click Configure. The Amazon Web Services Data Collector Wizard opens.

Step 4 – On the Login Roles page, add the created AWS Roles:

• Enter the Role in the Role Name field and click Add
• Alternatively, import multiple Roles from a CSV file
• See the Configure AWS for Scans topic for additional information

Step 5 – On the Summary page, click Finish to save any modifications or click Cancel if no changes were made. Then click OK to close the Query Properties window.

If changes were saved, the 3.AWS_IAMScan job has now been customized.

Analysis Tasks for the 3.AWS_IAM Scan Job

View the analysis tasks by navigating to the AWS > 0.Collection > 3.AWS_IAMScan > Configure node and selecting Analysis.

CAUTION: Do not modify or deselect the selected analysis task. The analysis task is preconfigured for this job.

The following analysis task is selected by default:

• AWS Views – Creates the AWS Views table