
Monitoring Identity and Access Management (IAM) at scale

In today's cloud-centric world, managing identities and access plays a vital role in maintaining the security and efficiency of AWS environments. As organizations scale and adopt multi-account environments, managing a large number of IAM users becomes increasingly challenging.

IAM Monitoring at scale

Identity and Access Management (IAM) is the cornerstone of the AWS cloud. All human users are best advised to use Identity Center, while all programmatic access should go via IAM users, IAM roles and access keys. CloudYali now has a built-in capability to monitor all IAM users, roles and groups in a single window, across all your AWS accounts.

To access IAM monitoring, select the IAM tab on the main page.

This tab contains multiple subtabs:

  • All Users
  • Root Users
  • Non Root Users
  • Accessed Regions & Services
  • All Roles
  • All Groups

Supported filters

IAM monitoring provides IAM information from multiple accounts, and depending on the context you may want to filter the results. For example, you may want a list of all inactive users from a specific set of accounts only. In such cases, filtering comes in handy.

note

All filters are on the left side of the window.

If you do not see any filters, the filter panel might be collapsed. Look for the collapsed arrow symbol.

Out of scope filters

info

The allowed filters change based on the IAM entities you are working with. The Accounts filter is available for all IAM entities.

If the filters are not applicable to the current IAM entity, they are shown as 'Filters out of scope' in the filters UI.

We support filters for:

  • Accounts: The Accounts filter lets you select the AWS accounts for which you want to view details. By default, all onboarded AWS accounts are selected. You can select multiple AWS accounts. This filter is available for all IAM entities.
  • Users: The Users filter lets you select users belonging to the AWS accounts selected in the Accounts filter. You can select multiple IAM users.
  • Regions: The Regions filter lets you select the regions where IAM user activity has been reported. You can select multiple regions. This filter is available for the 'Accessed Services & Regions' tab only.
  • Services: The Services filter lets you select the services for which IAM user activity has been reported. You can select multiple services. This filter is available for the 'Accessed Services & Regions' tab only.

Applying filters

To use the filters, first select the desired filters, then click the Apply Filters button.