AWS SSO / Identity Center permissions report

Get the most out of AWS Identity Center

AWS Identity Center reporting just got easier!

AWS IAM Identity Center, formerly known as AWS Single Sign-On (AWS SSO), is AWS’ preferred solution to authenticate and authorize people to AWS.  Identity Center provides secure and centralized access management across the entire AWS environment.

While Identity Center is a great tool for granting access, AWS Identity Center reporting still has its shortcomings.

First, it is difficult to understand what access people have via their corporate identity as defined or integrated via AWS SSO.

This creates a security challenge as it’s unclear what privileged roles people can use (assume) in AWS and what resources they have access to.

Second, it’s difficult to quickly show segregation of duties for SOC2/ISO27001 compliance, because there is no support for generating a list of canonical SSO users and groups, their permission sets, and their relationships to IAM roles and AWS resources.

The bottom line:

Cloud, Security, and Identity teams need to be able to audit people’s access in AWS.

k9 makes it possible

The Identity Center worksheet bridges the AWS SSO user and group entities to the IAM roles they give access to.

The report conveniently identifies which of those AWS SSO users/groups are effectively IAM admins (because that’s the first thing we see customers look for).

This is basically impossible to determine on your own.

Check out the connections between Identity Center and IAM principals in this sample report (xlsx) excerpt:
k9 Security Identity Center View showing an SSO user, two groups, their session lengths and what IAM role they have access to

This data is also available in CSV so that you can integrate with your existing data sources in Splunk, Datadog, and Athena.

Ditch the workarounds

Creating custom scripts or using open source SSO reporters are common ways teams are getting by, but these solutions are incomplete. Book a meeting with an IAM expert to learn more about k9’s Identity Center Reporting!

k9 Security is an AWS Partner with Qualified Software

What our customers are saying

We wanted to create a truly secure production environment for our customers and prove it with a SOC 2 certification. k9 Security walked us through all the IAM vulnerabilities in our AWS account using their super pragmatic report and helped us fix the issues.  Now we have SOC 2 and least privilege!

Aleks Smechov

Co-Founder & CEO, Wordcab

The quality and depth of expertise demonstrated by k9 Security is unparalleled in the industry.  k9 has helped advise our AWS IAM strategy and guide a successful implementation of secure identity management that eliminates excess IAM permissions.

Lucas LaFrance

VP of Security, PlanetArt

k9 is a great tool for consultants offering AWS security reviews. Will definitely use this tool when doing the next review of an AWS account. k9 is a great tool for Cloud Security Specialists raising the bar for security within their organization.

Andreas Wittig

Author, Amazon Web Services in Action

Stop struggling with IAM!

Book a meeting and learn more about k9’s Identity Center Reporting
