Excessive Permission

Modified on Tue, 23 Jan 2024 at 06:52 AM

Remediate Excessive Permissions using CloudDefense.ai:

Top of the excessive permission page give user a over view of

Inactive user
Inactive service
Over privileged service identities
Over privileged users

Excessive permission also have 5 filters to filter the data for clear and concise view

IAM type filter
Severity filter
Services filter
Label filter
Last activity filter

The user can also spot

All the inactive and overprivileged IAM users and roles in result
Their last activity
Service used by IAM users and role
Findings for IAM users and role

Inactive users: Inactive user is like a IAM user who did not login in past 90 days

Inactive services: Inactive services is the service is use in past 90 days

Overprivileged service identities: Overprvileged service identities is like the service was never being used.

Overprivileged users: Overprivileged users who never logged in the platform

IAM type filter: The user can spot the result of the excessive permission page by IAM type. Users can have a separate view of IAM user and IAM roles by IAM type filter

Severity filter: The user can spot the result of the excessive permission page by the impact of severity as well. 4 severity parameters are available on the excessive permission page e.g. Critical severity, High severity, Medium severity, and low severity.

Services filter: A IAM user might take several services in a platform e.g.Amazon Managed Service for Prometheus, Amazon EC2, Amazon Route 53 Domains, AWS CloudWatch RUM, Amazon Connect Voice ID, etc. So our users can also see the result of excessive permission page by service taken by the IAM user.

Label filter: Label filter allows the user to spot the result of the excessive permission page by its label e.g. MFA, No MFA, Admin, EC2 elevated permission, 3rd party, etc.

Last activity filter: Last activity filter allows the user to select a date range and spot the result within the date range.