April 18, 2023

Simplify IAM User Management Across AWS Accounts

Simplify IAM User Management Across AWS Accounts with TeraSky’s Organizational IAM Users Report Tool

 

As organizations grow and expand their cloud infrastructure, managing and securing access to their resources becomes increasingly complex. Managing AWS Identity and Access Management (IAM) users across multiple accounts is a perfect example of this challenge. As an organization expands its AWS footprint, concerns like lack of visibility, scale, compliance, and operational efficiency can arise. Robust IAM user management practices are critical, including the implementation of appropriate tools and automations, regular audits, and ongoing monitoring to ensure consistent security and compliance across multiple AWS accounts.

 

At TeraSky, we are deeply familiar with the hurdles along the path to enterprise growth and with AWS best practices. To help address IAM challenges, TeraSky has developed the Organizational IAM Users Report tool, which creates a report of all AWS IAM users in all organization-linked accounts, together with their configurations. This makes managing and securing IAM access much simpler.

 

AWS IAM Credentials Report Feature

AWS provides an IAM credentials report feature that generates a CSV report containing information about IAM users, access keys, and passwords. This report can be generated for both the entire AWS account and for specific IAM users. It includes information like IAM user name, ARN, creation date, password last used date, and access key last used date. However, the credentials report feature is only available per account; generating a report for multiple accounts requires significant additional effort.

 

Our Tool: Organizational IAM Users Report

TeraSky has developed a tool that utilizes the AWS IAM credentials report feature to generate a comprehensive report of all IAM users across all the organization-linked accounts. The tool uses AWS APIs to generate the report and saves it as a CSV file, which includes the following information:

  • IAM user name
  • ARN
  • Creation date
  • Password last used date
  • Access key last used date
  • MFA enabled or not
  • And more!

 

Using AWS Organizations, the report is generated for all the AWS accounts that are linked to the organization. It is then sent to the desired email recipients via Amazon Simple Email Service (SES). For ongoing simplicity, the tool can be automated to send the latest report at regularly scheduled intervals.

 

The Organizational IAM Users Report provides several benefits:

  1. Improved visibility: The report gives a comprehensive view of all IAM users across all organization-linked accounts, with total visibility into user status, which simplifies management.
  2. Better compliance: The report includes information about MFA, access keys, and certificates, making it easier to ensure compliance with security policies.
  3. Easier troubleshooting: The report includes information about password and access key last-used date, helping to identify and troubleshoot any access issues.
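
To show how the report's fields support the compliance and troubleshooting checks listed above, here is an added example (not code from TeraSky's tool) that merges per-account credential reports and flags console users without MFA and stale or never-used access keys. The account IDs, user rows, the fixed date and the 90-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample data: per-account credential reports (a subset of the real
# columns), keyed by made-up account IDs, as they look once decoded to CSV text.
HEADER = ("user,arn,user_creation_time,password_enabled,password_last_used,"
          "mfa_active,access_key_1_active,access_key_1_last_used_date\n")
REPORTS = {
    "111111111111": HEADER
    + "<root_account>,arn:aws:iam::111111111111:root,2020-01-01T00:00:00+00:00,not_supported,2023-04-01T08:00:00+00:00,true,false,N/A\n"
    + "alice,arn:aws:iam::111111111111:user/alice,2021-03-02T10:00:00+00:00,true,2023-04-10T09:00:00+00:00,false,true,2023-04-12T11:00:00+00:00\n",
    "222222222222": HEADER
    + "ci-deploy,arn:aws:iam::222222222222:user/ci-deploy,2020-06-01T00:00:00+00:00,false,N/A,false,true,2022-09-01T00:00:00+00:00\n"
    + "bob,arn:aws:iam::222222222222:user/bob,2022-01-05T00:00:00+00:00,true,no_information,true,true,N/A\n",
}
NOW = datetime(2023, 4, 18, tzinfo=timezone.utc)  # fixed "today" for the sample

def parse_ts(value):
    """Return a datetime, or None for N/A, no_information and not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def consolidate(reports):
    """Merge per-account CSV reports into one list of rows tagged with account_id."""
    return [{"account_id": acct, **row}
            for acct, text in reports.items()
            for row in csv.DictReader(io.StringIO(text))]

def findings(rows, now=NOW, max_key_idle_days=90):
    """Flag console users without MFA and active access keys that are stale or unused."""
    out = []
    for r in rows:
        who = (r["account_id"], r["user"])
        if r["password_enabled"] == "true" and r["mfa_active"] != "true":
            out.append(who + ("console password without MFA",))
        for n in ("1", "2"):  # the key 2 columns are absent from this sample
            if r.get(f"access_key_{n}_active") != "true":
                continue
            used = parse_ts(r.get(f"access_key_{n}_last_used_date", "N/A"))
            if used is None:
                out.append(who + (f"access key {n} active but never used",))
            elif (now - used).days > max_key_idle_days:
                out.append(who + (f"access key {n} unused for over {max_key_idle_days} days",))
    return out

if __name__ == "__main__":
    for finding in findings(consolidate(REPORTS)):
        print(*finding, sep="  ")
```

The root row shows why the password check compares against the literal "true": the report uses values such as not_supported, no_information and N/A where a flag or timestamp does not apply.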

 

Conclusion

TeraSky’s Organizational IAM Users Report tool provides a comprehensive view of all IAM users across all organization-linked accounts, giving you quick and regular access to the information you need to stay on top of multiple accounts. Organizational growth is exciting, but it can create new challenges. With our Organizational IAM Users Report Tool, managing IAM users across multiple accounts no longer needs to be one of them!

You can find the tool with instructions on how to use it in our official GitHub repository: https://github.com/TeraSky-OSS/aws-organizational-iam-users-report

Want to get started with the Organizational IAM Users Report Tool? Contact TeraSky today.

 

Written by: Daniel Vaaknin, Senior Consultant, Cloud & DevOps
