AWS SSO / Identity Center permissions report
Get the most out of AWS Identity Center
AWS Identity Center reporting just got easier!
AWS IAM Identity Center, formerly known as AWS Single Sign-On (AWS SSO), is AWS’ preferred solution to authenticate and authorize people to AWS. Identity Center provides secure and centralized access management across the entire AWS environment.
While Identity Center is a great tool for granting access, AWS Identity Center reporting still has its shortcomings.
First, it is difficult to understand what access people have via their corporate identity as defined or integrated via AWS SSO.
This creates a security challenge as it’s unclear what privileged roles people can use (assume) in AWS and what resources they have access to.
Second, it’s difficult to quickly show segregation of duties for SOC2/ISO27001 compliance, because there is no support for generating a list of canonical SSO users and groups, their permission sets, and their relationships to IAM roles and AWS resources.
The bottom line:
Cloud, Security, and Identity teams need to be able to audit people’s access in AWS.
k9 makes it possible
The Identity Center worksheet bridges the AWS SSO user and group entities to the IAM roles they give access to.
The report conveniently identifies which of those AWS SSO users/groups are effectively IAM admins (because that’s the first thing we see customers look for).
This is basically impossible to determine on your own.
This data is also available in CSV so that you can integrate with your existing data sources in Splunk, Datadog, and Athena.
What our customers are saying
We wanted to create a truly secure production environment for our customers and prove it with a SOC 2 certification. k9 Security walked us through all the IAM vulnerabilities in our AWS account using their super pragmatic report and helped us fix the issues. Now we have SOC 2 and least privilege!
The quality and depth of expertise demonstrated by k9 Security is unparalleled in the industry. k9 has helped advise our AWS IAM strategy and guide a successful implementation of secure identity management that eliminates excess IAM permissions.
k9 is a great tool for consultants offering AWS security reviews. Will definitely use this tool when doing the next review of an AWS account. k9 is a great tool for Cloud Security Specialists raising the bar for security within their organization.