IAM Exposure

Identity and Access Management (IAM) exposure is a measure of how accessible an asset is to principals outside your account, up to and including the public, as derived from the asset's own access permissions (its resource policy, ACLs, trust policy and related settings).

The table below lists the AWS asset types for which CloudGuard calculates IAM exposure, the statuses each type can receive, and the assets (policies and settings) that CloudGuard reads to make the calculation.

Platform: AWS

Asset Type: S3 bucket

Possible Status:

  • Public - accessible to a wide range of principals

  • Partially Public - specific objects in the bucket can be public

  • Private - the bucket is accessible only to a limited set of principals

  • Unknown - CloudGuard cannot determine the IAM exposure from the available data

Assets Used for Calculation:

  • S3 bucket Resource Policy

  • S3 bucket ACL policy

  • Access Point

  • Multi-Region Access Point

  • Block Public Access settings at the account and bucket levels

Asset Type: IAM Role

Possible Status:

  • Public - the role can be assumed by a wide range of AWS principals

  • Partially Public - the role can be assumed by a specific third-party (cross-account) principal

  • Private - the role can be assumed only by a limited set of principals

Assets Used for Calculation:

  • Resource Policy (the role's trust policy)

Asset Type: Lambda, SQS, SNS Topic, ECR Repository

Possible Status:

  • Public - a wide range of AWS principals can perform at least one action on the asset

  • Private - only a limited set of principals can perform actions on the asset

Assets Used for Calculation:

  • Resource Policy
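To make the statuses in the table concrete, the Python below is an added illustration; it is not CloudGuard's code and does not reproduce CloudGuard's exact rules. It classifies an S3 bucket from the bucket policy, the ACL grants and the account-level and bucket-level Block Public Access settings (Access Points and Multi-Region Access Points from the table are not modelled), and an IAM role from its trust policy, using the same status names. The bucket names, account IDs and policy documents are constructed for the example, and the decision rules are assumptions: a wildcard principal with no Condition is Public, a principal from another account or an identity provider is Partially Public, and missing Block Public Access data is Unknown.

```python
"""Simplified IAM-exposure classifier (added example, not CloudGuard's algorithm)."""

PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
_RANK = {"Private": 0, "Partially Public": 1, "Public": 2}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _worse(a, b):
    """Return the more exposed of two statuses."""
    return a if _RANK[a] >= _RANK[b] else b


def _principals(stmt):
    """Flatten a statement's Principal into (kind, value) pairs; a bare "*" becomes ("AWS", "*")."""
    p = stmt.get("Principal", {})
    if p == "*":
        return [("AWS", "*")]
    return [(kind, val) for kind, vals in p.items() for val in _as_list(vals)]


def _account_of(principal):
    """Account ID of an ARN such as arn:aws:iam::111122223333:root; bare IDs and "*" pass through."""
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else principal


def _allows(stmt, prefixes):
    """True for an Allow statement whose Action matches one of the prefixes (or "*")."""
    if stmt.get("Effect") != "Allow":
        return False
    return any(a == "*" or a.startswith(prefixes) for a in map(str.lower, _as_list(stmt.get("Action", []))))


def classify_s3_bucket(bucket, policy, acl_grants, account_bpa, bucket_bpa):
    """Return "Public", "Partially Public", "Private" or "Unknown" for one bucket."""
    if any(account_bpa.get(k) is None or bucket_bpa.get(k) is None for k in BPA_KEYS):
        return "Unknown"  # settings were not collected: cannot decide
    # Account-level Block Public Access applies on top of the bucket-level settings.
    bpa = {k: account_bpa[k] or bucket_bpa[k] for k in BPA_KEYS}
    status = "Private"
    # An ACL grant to AllUsers/AuthenticatedUsers is public unless IgnorePublicAcls neutralises it.
    if not bpa["IgnorePublicAcls"] and any(
        g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GROUPS for g in acl_grants
    ):
        status = "Public"
    # Anonymous Allow statements are neutralised by RestrictPublicBuckets. A statement with a
    # Condition is treated as not public here (assumed simplification of AWS's own rule).
    if not bpa["RestrictPublicBuckets"]:
        whole_bucket = {"*", "arn:aws:s3:::*", f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
        for stmt in policy.get("Statement", []):
            if not _allows(stmt, ("s3:",)) or "Condition" in stmt:
                continue
            if ("AWS", "*") not in _principals(stmt):
                continue
            resources = set(_as_list(stmt.get("Resource", [])))
            # Whole bucket or all objects -> Public; a prefix or single object -> Partially Public
            status = _worse(status, "Public" if resources & whole_bucket else "Partially Public")
    return status


def classify_iam_role(own_account, trust_policy):
    """Return "Public", "Partially Public" or "Private" from who may assume the role."""
    status = "Private"
    for stmt in trust_policy.get("Statement", []):
        if not _allows(stmt, ("sts:assumerole", "sts:*")):
            continue
        for kind, val in _principals(stmt):
            if kind == "Service":
                continue  # AWS service principals (e.g. lambda.amazonaws.com) are not third parties
            if val == "*" and "Condition" not in stmt:
                return "Public"  # any AWS principal can assume the role
            # A wildcard narrowed by a Condition, another account, or an identity provider
            if kind == "Federated" or _account_of(val) != own_account:
                status = "Partially Public"
    return status


# Constructed sample inputs for the example
OWN_ACCOUNT = "111122223333"
BPA_OFF = dict.fromkeys(BPA_KEYS, False)
BPA_ON = dict.fromkeys(BPA_KEYS, True)
ALL_USERS_READ_ACL = [{"Grantee": {"Type": "Group", "URI": next(iter(sorted(PUBLIC_ACL_GROUPS)))},
                       "Permission": "READ"}]
PUBLIC_READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::demo-bucket/*"}]}
PREFIX_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::demo-bucket/public/*"}]}
ANY_ACCOUNT_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
ORG_SCOPED_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole",
                                   "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]}
CROSS_ACCOUNT_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
                                      "Action": "sts:AssumeRole"}]}
SERVICE_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
                                "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(classify_s3_bucket("demo-bucket", PUBLIC_READ_POLICY, [], BPA_OFF, BPA_OFF))
    print(classify_s3_bucket("demo-bucket", PUBLIC_READ_POLICY, ALL_USERS_READ_ACL, BPA_ON, BPA_OFF))
    print(classify_iam_role(OWN_ACCOUNT, ORG_SCOPED_TRUST))
```

The ordering matters: Block Public Access is evaluated before the policy and ACL, because an account-level setting silently neutralises a public bucket policy that would otherwise be flagged, which is exactly why the table lists it among the inputs. Conversely, a role whose trust policy names `"AWS": "*"` with no Condition is Public regardless of what the permission policies attached to the role allow.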