12 December, 2024
April 18, 2023
Simplify IAM User Management Across AWS Accounts with TeraSky’s Organizational IAM Users Report Tool
As organizations grow and expand their cloud infrastructure, managing and securing access to their resources becomes increasingly complex. Managing AWS Identity and Access Management (IAM) users across multiple accounts is a perfect example of this challenge. As an organization expands its AWS footprint, concerns like lack of visibility, scale, compliance, and operational efficiency can arise. Robust IAM user management practices are critical, including the implementation of appropriate tools and automations, regular audits, and ongoing monitoring to ensure consistent security and compliance across multiple AWS accounts.
At TeraSky, we are deeply familiar with the hurdles along the path to enterprise growth and with AWS best practices. To help address IAM challenges, TeraSky has developed the Organizational IAM Users Report tool, which creates a report of all AWS IAM users in all organization-linked accounts, together with their configurations, making it much simpler to manage and secure AWS IAM access.
AWS IAM Credentials Report Feature
AWS provides an IAM credentials report feature that generates a CSV report containing information about IAM users, access keys, and passwords. This report can be generated for both the entire AWS account and for specific IAM users. It includes information like IAM user name, ARN, creation date, password last used date, and access key last used date. However, the credentials report feature is only available per account; generating a report for multiple accounts requires significant additional effort.
Our Tool: Organizational IAM Users Report
TeraSky has developed a tool that utilizes the AWS IAM credentials report feature to generate a comprehensive report of all IAM users across all the organization-linked accounts. The tool uses AWS APIs to generate the report and saves it as a CSV file, which includes the following information:
Using AWS Organizations, the report is generated for all the AWS accounts that are linked to the organization. It is then sent to the desired email recipients via Amazon Simple Email Service (SES). For ongoing simplicity, the tool can be automated to send the latest report at regularly scheduled intervals.
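The cross-account flow described above, as an added example that is not TeraSky's tool code: list the organization's accounts, obtain an IAM client for each, pull its credentials report, and merge the CSVs under an added `account_id` column. The role name `OrganizationAccountAccessRole`, the session name, and all function names are assumptions, and the script is assumed to run with credentials in the organization's management account.

```python
import csv
import io
import time

# Assumption: this role exists in every member account and allows
# iam:GenerateCredentialReport and iam:GetCredentialReport.
ROLE_NAME = "OrganizationAccountAccessRole"

def iam_client(account_id, own_account, role_name=ROLE_NAME):
    """IAM client for one account; the caller's own account needs no role."""
    import boto3  # imported lazily so the CSV merge below runs offline
    if account_id == own_account:
        return boto3.client("iam")
    c = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="iam-users-report",  # assumed session name
    )["Credentials"]
    return boto3.client("iam", aws_access_key_id=c["AccessKeyId"],
                        aws_secret_access_key=c["SecretAccessKey"],
                        aws_session_token=c["SessionToken"])

def fetch_report(iam, poll=2):
    """Return one account's credentials report as CSV text."""
    # Generation is asynchronous: call again until the state is COMPLETE.
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(poll)
    return iam.get_credential_report()["Content"].decode("utf-8")

def merge_reports(reports):
    """Merge {account_id: csv_text} into one CSV with an account_id column."""
    rows, fields = [], ["account_id"]
    for account_id, text in sorted(reports.items()):
        for row in csv.DictReader(io.StringIO(text)):
            fields += [k for k in row if k not in fields]
            rows.append({"account_id": account_id, **row})
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

def org_report():
    """Merged report for every ACTIVE account; run from the management account."""
    import boto3
    own = boto3.client("sts").get_caller_identity()["Account"]
    pages = boto3.client("organizations").get_paginator("list_accounts").paginate()
    ids = [a["Id"] for p in pages for a in p["Accounts"] if a["Status"] == "ACTIVE"]
    return merge_reports({i: fetch_report(iam_client(i, own)) for i in ids})
```

Each per-account report also contains a `<root_account>` row, so the merged file lists every account's root credentials alongside its IAM users.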
The Organizational IAM Users Report provides several benefits:
Conclusion
TeraSky’s Organizational IAM Users Report tool provides a comprehensive view of all IAM users across all organization-linked accounts, giving you quick and regular access to the information you need to stay on top of multiple accounts. Organizational growth is exciting, but it can create new challenges. With our Organizational IAM Users Report Tool, managing IAM users across multiple accounts no longer needs to be one of them!
You can find the tool with instructions on how to use it in our official GitHub repository: https://github.com/TeraSky-OSS/aws-organizational-iam-users-report
Want to get started with the Organizational IAM Users Report Tool? Contact TeraSky today.
Written by: Daniel Vaaknin, Senior Consultant, Cloud & DevOps