AWS Account ReportAWS ACM Certificate Age ReportAWS ACM Certificate DashboardAWS ACM Certificate DetailAWS API Gateway V2 API Age ReportAWS API Gateway V2 API DashboardAWS API Gateway V2 API DetailAWS Backup Plan DetailAWS Backup Vault DetailAWS CloudFront Distribution DashboardAWS CloudFront Distribution DetailAWS CloudTrail Trail DashboardAWS CloudTrail Trail DetailAWS CloudTrail Trail Encryption ReportAWS CloudTrail Trail Logging ReportAWS CloudWatch Log Group DetailAWS CodeBuild Project Age ReportAWS CodeBuild Project DashboardAWS CodeBuild Project DetailAWS CodeCommit Repository Age ReportAWS CodeCommit Repository DashboardAWS CodeCommit Repository DetailAWS CodePipeline Pipeline Age ReportAWS CodePipeline Pipeline DashboardAWS CodePipeline Pipeline DetailAWS DAX Cluster DetailAWS DynamoDB Table Age ReportAWS DynamoDB Table DashboardAWS DynamoDB Table DetailAWS DynamoDB Table Encryption ReportAWS EBS Snapshot Age ReportAWS EBS Snapshot DashboardAWS EBS Snapshot DetailAWS EBS Snapshot Public Access ReportAWS EBS Volume Age ReportAWS EBS Volume DashboardAWS EBS Volume DetailAWS EBS Volume Encryption ReportAWS EC2 AMI DetailAWS EC2 Application Load Balancer DetailAWS EC2 Classic Load Balancer DetailAWS EC2 Gateway Load Balancer DetailAWS EC2 Instance Age ReportAWS EC2 Instance DashboardAWS EC2 Instance DetailAWS EC2 Instance Public Access ReportAWS EC2 Network Interface DetailAWS EC2 Network Load Balancer DetailAWS ECR Repository Age ReportAWS ECR Repository DashboardAWS ECR Repository DetailAWS ECS Cluster DashboardAWS ECS Cluster DetailAWS ECS Service DetailAWS ECS Task Definition DetailAWS EFS File System Age ReportAWS EFS File System DashboardAWS EFS File System DetailAWS EKS Cluster Age ReportAWS EKS Cluster DashboardAWS EKS Cluster DetailAWS ElastiCache Cluster DetailAWS ElastiCache Cluster Node Age ReportAWS ElastiCache Cluster Node DashboardAWS ElastiCache Cluster Node DetailAWS EMR Cluster Age ReportAWS EMR Cluster DashboardAWS EMR Cluster DetailAWS EventBridge Rule DetailAWS IAM Access Key Age ReportAWS IAM Action Glob ReportAWS IAM Credential ReportAWS IAM Group DashboardAWS IAM Group DetailAWS IAM Policy DetailAWS IAM Role DashboardAWS IAM Role DetailAWS IAM Root Access ReportAWS IAM User DashboardAWS IAM User DetailAWS IAM User Excessive Privilege ReportAWS IAM User MFA ReportAWS KMS CMK Lifecycle ReportAWS KMS Key Age ReportAWS KMS Key DashboardAWS KMS Key DetailAWS Lambda Function DashboardAWS Lambda Function DetailAWS Lambda Function Encryption ReportAWS Lambda Function Public Access ReportAWS OpenSearch Domain DetailAWS RDS DB Cluster Age ReportAWS RDS DB Cluster DashboardAWS RDS DB Cluster DetailAWS RDS DB Cluster Encryption ReportAWS RDS DB Cluster Logging ReportAWS RDS DB Cluster Snapshot Age ReportAWS RDS DB Cluster Snapshot DashboardAWS RDS DB Cluster Snapshot DetailAWS RDS DB Cluster Snapshot Encryption ReportAWS RDS DB Instance Age ReportAWS RDS DB Instance DashboardAWS RDS DB Instance DetailAWS RDS DB Instance Encryption ReportAWS RDS DB Instance Logging ReportAWS RDS DB Instance Public Access ReportAWS RDS DB Instance Snapshot Age ReportAWS RDS DB Instance Snapshot DashboardAWS RDS DB Instance Snapshot DetailAWS RDS DB Instance Snapshot Encryption ReportAWS Redshift Cluster Age ReportAWS Redshift Cluster DashboardAWS Redshift Cluster DetailAWS Redshift Cluster Encryption ReportAWS Redshift Cluster Logging ReportAWS Redshift Cluster Public Access ReportAWS Redshift Snapshot DetailAWS S3 Bucket Age ReportAWS S3 Bucket DashboardAWS S3 Bucket DetailAWS S3 Bucket Encryption ReportAWS S3 Bucket Lifecycle ReportAWS S3 Bucket Logging ReportAWS S3 Bucket Public Access ReportAWS SNS Topic DashboardAWS SNS Topic DetailAWS SNS Topic Encryption ReportAWS SQS Queue DashboardAWS SQS Queue DetailAWS SQS Queue Encryption ReportAWS VPC DashboardAWS VPC DetailAWS VPC Elastic IP DetailAWS VPC Flow Logs DetailAWS VPC Flow Logs ReportAWS VPC Security Group DashboardAWS VPC Security Group DetailAWS VPC Subnet Detail
Dashboard: AWS IAM Role Dashboard
This dashboard answers the following questions:
- How many roles are in each account?
- How many roles are with inline policies?
- How many roles are without any attached and boundary policies?
- How many roles allow all actions (
action = '*')?
This dashboard contains 6 cards.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-insightsStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select AWS IAM Role Dashboard dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe dashboard run aws_insights.dashboard.iam_role_dashboard --shareQueries
This dashboard uses the the following queries:
with roles_can_be_assumed_anonymously as ( select name, stmt -> 'Principal', Principal from aws_iam_role role, jsonb_array_elements(role.assume_role_policy_std -> 'Statement') as stmt, jsonb_array_elements_text(stmt -> 'Principal' -> 'AWS') as principal where principal = '*' and stmt ->> 'Effect' = 'Allow')select count(distinct name) as value, 'Allows All Principals to Assume Role' as label, case when count(distinct name) > 0 then 'alert' else 'ok' end as typefrom roles_can_be_assumed_anonymously;