turbot/aws_insights

Query: iam_user_excessive_permissions_report

Usage

powerpipe query aws_insights.query.iam_user_excessive_permissions_report

SQL

-- For each IAM user, list the services whose access advisor record shows no
-- authentication within the last $1 days (threshold_in_days). Rows returned
-- here are the input to the excessive-permissions report.
select
  usr.name as "User Name",
  adv.principal_arn as "Principal",
  adv.service_name as "Service",
  adv.service_namespace as "Service Namespace",
  -- Age in whole days, rendered as text so it can share a column with the
  -- "never" label used when no authentication was recorded.
  case
    when adv.last_authenticated is not null
      then (now()::date - adv.last_authenticated::date)::text
    else 'Never in tracking period'
  end as "Last Authenticated (Days)",
  adv.last_authenticated as "Last Authenticated Timestamp",
  adv.last_authenticated_entity as "Last Authenticated Entity",
  adv.last_authenticated_region as "Last Authenticated Region",
  acct.title as "Account",
  acct.account_id as "Account ID",
  usr.arn as "ARN"
from
  aws_iam_user as usr
  inner join aws_account as acct
    on usr.account_id = acct.account_id
  inner join aws_iam_access_advisor as adv
    on adv.principal_arn = usr.arn
where
  -- A service with no recorded authentication is treated as last used 400 days
  -- ago, so it is reported only while the threshold is below 400 days; with a
  -- threshold of 400 or more those never-used services drop out of the result.
  -- NOTE(review): 400 days presumably mirrors the access advisor tracking
  -- window; confirm before raising the threshold past it.
  -- The threshold arrives as bound parameter $1 and is cast to an interval.
  coalesce(adv.last_authenticated, now() - '400 days'::interval) < now() - ($1 || ' days')::interval
order by
  usr.name;

Params

| Args | Name | Default | Description | Variable |
|------|------|---------|-------------|----------|
| $1 | threshold_in_days | | | |

    Dashboards

    The query is used in the dashboards: