AWS Account ReportAWS ACM Certificate Age ReportAWS ACM Certificate DashboardAWS ACM Certificate DetailAWS API Gateway V2 API Age ReportAWS API Gateway V2 API DashboardAWS API Gateway V2 API DetailAWS Backup Plan DetailAWS Backup Vault DetailAWS CloudFront Distribution DashboardAWS CloudFront Distribution DetailAWS CloudTrail Trail DashboardAWS CloudTrail Trail DetailAWS CloudTrail Trail Encryption ReportAWS CloudTrail Trail Logging ReportAWS CloudWatch Log Group DetailAWS CodeBuild Project Age ReportAWS CodeBuild Project DashboardAWS CodeBuild Project DetailAWS CodeCommit Repository Age ReportAWS CodeCommit Repository DashboardAWS CodeCommit Repository DetailAWS CodePipeline Pipeline Age ReportAWS CodePipeline Pipeline DashboardAWS CodePipeline Pipeline DetailAWS DAX Cluster DetailAWS DynamoDB Table Age ReportAWS DynamoDB Table DashboardAWS DynamoDB Table DetailAWS DynamoDB Table Encryption ReportAWS EBS Snapshot Age ReportAWS EBS Snapshot DashboardAWS EBS Snapshot DetailAWS EBS Snapshot Public Access ReportAWS EBS Volume Age ReportAWS EBS Volume DashboardAWS EBS Volume DetailAWS EBS Volume Encryption ReportAWS EC2 AMI DetailAWS EC2 Application Load Balancer DetailAWS EC2 Classic Load Balancer DetailAWS EC2 Gateway Load Balancer DetailAWS EC2 Instance Age ReportAWS EC2 Instance DashboardAWS EC2 Instance DetailAWS EC2 Instance Public Access ReportAWS EC2 Network Interface DetailAWS EC2 Network Load Balancer DetailAWS ECR Repository Age ReportAWS ECR Repository DashboardAWS ECR Repository DetailAWS ECS Cluster DashboardAWS ECS Cluster DetailAWS ECS Service DetailAWS ECS Task Definition DetailAWS EFS File System Age ReportAWS EFS File System DashboardAWS EFS File System DetailAWS EKS Cluster Age ReportAWS EKS Cluster DashboardAWS EKS Cluster DetailAWS ElastiCache Cluster DetailAWS ElastiCache Cluster Node Age ReportAWS ElastiCache Cluster Node DashboardAWS ElastiCache Cluster Node DetailAWS EMR Cluster Age ReportAWS EMR Cluster DashboardAWS EMR Cluster DetailAWS EventBridge Rule DetailAWS IAM Access Key Age ReportAWS IAM Action Glob ReportAWS IAM Credential ReportAWS IAM Group DashboardAWS IAM Group DetailAWS IAM Policy DetailAWS IAM Role DashboardAWS IAM Role DetailAWS IAM Root Access ReportAWS IAM User DashboardAWS IAM User DetailAWS IAM User Excessive Privilege ReportAWS IAM User MFA ReportAWS KMS CMK Lifecycle ReportAWS KMS Key Age ReportAWS KMS Key DashboardAWS KMS Key DetailAWS Lambda Function DashboardAWS Lambda Function DetailAWS Lambda Function Encryption ReportAWS Lambda Function Public Access ReportAWS OpenSearch Domain DetailAWS RDS DB Cluster Age ReportAWS RDS DB Cluster DashboardAWS RDS DB Cluster DetailAWS RDS DB Cluster Encryption ReportAWS RDS DB Cluster Logging ReportAWS RDS DB Cluster Snapshot Age ReportAWS RDS DB Cluster Snapshot DashboardAWS RDS DB Cluster Snapshot DetailAWS RDS DB Cluster Snapshot Encryption ReportAWS RDS DB Instance Age ReportAWS RDS DB Instance DashboardAWS RDS DB Instance DetailAWS RDS DB Instance Encryption ReportAWS RDS DB Instance Logging ReportAWS RDS DB Instance Public Access ReportAWS RDS DB Instance Snapshot Age ReportAWS RDS DB Instance Snapshot DashboardAWS RDS DB Instance Snapshot DetailAWS RDS DB Instance Snapshot Encryption ReportAWS Redshift Cluster Age ReportAWS Redshift Cluster DashboardAWS Redshift Cluster DetailAWS Redshift Cluster Encryption ReportAWS Redshift Cluster Logging ReportAWS Redshift Cluster Public Access ReportAWS Redshift Snapshot DetailAWS S3 Bucket Age ReportAWS S3 Bucket DashboardAWS S3 Bucket DetailAWS S3 Bucket Encryption ReportAWS S3 Bucket Lifecycle ReportAWS S3 Bucket Logging ReportAWS S3 Bucket Public Access ReportAWS SNS Topic DashboardAWS SNS Topic DetailAWS SNS Topic Encryption ReportAWS SQS Queue DashboardAWS SQS Queue DetailAWS SQS Queue Encryption ReportAWS VPC DashboardAWS VPC DetailAWS VPC Elastic IP DetailAWS VPC Flow Logs DetailAWS VPC Flow Logs ReportAWS VPC Security Group DashboardAWS VPC Security Group DetailAWS VPC Subnet Detail
Dashboard: AWS IAM User Detail
This dashboard answers the following questions for each user:
- What relationships does the user have with other resources?
- How is the user configured?
- What tags are applied?
- How many access keys does the user have?
- How is the MFA configured?
- What groups are associated with the user?
- What are the AWS managed policies associated with user?
This dashboard contains 4 cards, 1 flow, 1 graph, 1 input and 7 tables.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-insightsStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select AWS IAM User Detail dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe dashboard run aws_insights.dashboard.iam_user_detail --shareQueries
This dashboard uses the the following queries:
-- Policies (attached to groups)select p.title as "Policy", p.arn as "ARN", 'Group: ' || g.title as "Via"from aws_iam_user as u, aws_iam_policy as p, jsonb_array_elements(u.groups) as user_groups inner join aws_iam_group g on g.arn = user_groups ->> 'Arn'where g.attached_policy_arns :: jsonb ? p.arn and u.arn = $1-- Policies (inline from groups)union select i ->> 'PolicyName' as "Policy", 'N/A' as "ARN", 'Group: ' || grp.title || ' (inline)' as "Via"from aws_iam_user as u, jsonb_array_elements(u.groups) as g, aws_iam_group as grp, jsonb_array_elements(grp.inline_policies_std) as iwhere grp.arn = g ->> 'Arn' and u.arn = $1-- Policies (attached to user)union select p.title as "Policy", p.arn as "ARN", 'Attached to User' as "Via"from aws_iam_user as u, jsonb_array_elements_text(u.attached_policy_arns) as pol_arn, aws_iam_policy as pwhere u.attached_policy_arns :: jsonb ? p.arn and pol_arn = p.arn and u.arn = $1-- Inline Policies (defined on user)union select i ->> 'PolicyName' as "Policy", 'N/A' as "ARN", 'Inline' as "Via"from aws_iam_user as u, jsonb_array_elements(inline_policies_std) as iwhere u.arn = $1