turbot/aws_insights

Query: iam_user_with_excessive_permissions_count

Usage

powerpipe query aws_insights.query.iam_user_with_excessive_permissions_count

SQL

select
count(distinct principal_arn) as value,
'Users With Excessive Permissions' as label,
case
when count(*) = 0 then 'ok'
else 'alert'
end as type
from
aws_iam_access_advisor,
aws_iam_user
where
principal_arn = arn
and coalesce(last_authenticated, now() - '400 days' :: interval ) < now() - ($1 || ' days') :: interval;

Params

ArgsNameDefaultDescriptionVariable
$1threshold_in_days

    Dashboards

    The query is used in the dashboards: