IAM visualization

You can view AWS identity and access management (IAM) relationships.

Sophos Cloud Optix provides an easy-to-use visualization of your AWS identity and access management (IAM) principals, services and resources.

You can see relationships between services and resources such as IAM users, IAM groups, IAM roles, EC2 instances, and Lambda functions. This helps you assess the risks associated with granting access to services.

Use IAM visualization to answer important questions, such as:

  • Which EC2 instances and Lambda functions have access to the S3 storage service?
  • Which IAM users have access to the EC2 service?
  • How do IAM users get access to a specific service: through group membership, by assuming an IAM role, or directly through attached or inline policies?
  • Are any IAM users overprivileged? Do they have access to AWS services that they do not use?
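The questions above are all graph walks over IAM data: follow a principal through its inline policies, attached managed policies and group memberships (or, for an EC2 instance or Lambda function, through the role it assumes) and see which services the resulting statements reach. The script below is an added example of that walk and is not Cloud Optix code; it runs offline over a constructed snapshot (the user, group, role, policy, instance and function names and the `last_used` data are all made up) and deliberately simplifies IAM evaluation: it matches `Action` patterns only, lets an explicit `Deny` that covers a whole service win, and ignores `Resource`, `Condition`, permission boundaries and SCPs.

```python
"""Walk a snapshot of IAM data to answer the four questions above.

Added example, not Cloud Optix code. SNAPSHOT is constructed. Policy
evaluation is simplified: Action patterns only, service-wide Deny wins,
Resource/Condition/permission boundaries/SCPs are ignored, so the output
is a lead for review, not a verdict.
"""
import fnmatch

SNAPSHOT = {  # constructed; shaped loosely like the IAM/EC2/Lambda APIs
    "services": ["s3", "ec2", "lambda", "iam"],
    "policies": {  # managed policy name -> statements
        "S3ReadOnly": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"]}],
        "EC2Admin": [{"Effect": "Allow", "Action": "ec2:*"}],
        "LambdaS3Write": [{"Effect": "Allow", "Action": "s3:PutObject"}],
        "PowerUser": [{"Effect": "Allow", "Action": "*"},
                      {"Effect": "Deny", "Action": "iam:*"}],
    },
    "groups": {"Developers": ["EC2Admin", "S3ReadOnly"], "Analysts": ["S3ReadOnly"]},
    "users": {
        "alice": {"groups": ["Developers"], "attached": [], "inline": {}},
        "bob": {"groups": ["Analysts"], "attached": [],
                "inline": {"NoS3": [{"Effect": "Deny", "Action": "s3:*"}]}},
        "carol": {"groups": [], "attached": ["PowerUser"], "inline": {}},
        "dave": {"groups": [], "attached": [],
                 "inline": {"Ec2Describe": [{"Effect": "Allow", "Action": "ec2:Describe*"}]}},
    },
    "roles": {  # roles assumed by compute resources
        "web-instance-role": {"attached": ["S3ReadOnly"], "inline": {}},
        "db-instance-role": {"attached": ["EC2Admin"], "inline": {}},
        "ingest-fn-role": {"attached": ["LambdaS3Write"], "inline": {}},
        "housekeeping-role": {"attached": [], "inline": {}},
    },
    "instances": {"i-0a1b2c3d4e5f6a7b8": "web-instance-role",
                  "i-0123456789abcdef0": "db-instance-role"},
    "functions": {"ingest": "ingest-fn-role", "housekeeping": "housekeeping-role"},
    # stands in for IAM service-last-accessed / CloudTrail usage data
    "last_used": {"alice": ["ec2"], "carol": ["s3", "lambda"]},
}


def _actions(stmt):
    act = stmt["Action"]
    return act if isinstance(act, list) else [act]


def _covers(pattern, service):
    """True if an Action pattern ('*', 's3:*', 's3:Get*') can match some action
    of `service`. IAM matches action names case-insensitively."""
    return fnmatch.fnmatchcase(service, pattern.split(":", 1)[0].lower())


def _whole_service(pattern, service):
    """True if the pattern matches every action of the service ('*' or 'svc:*')."""
    return pattern == "*" or (_covers(pattern, service) and pattern.endswith(":*"))


def statements_for(snap, kind, name):
    """Yield (path, statement) for a user or role: inline policies, attached
    managed policies and, for users, the policies attached to their groups."""
    entity = snap["users" if kind == "user" else "roles"][name]
    for pname, stmts in entity["inline"].items():
        for stmt in stmts:
            yield f"inline:{pname}", stmt
    for pname in entity["attached"]:
        for stmt in snap["policies"][pname]:
            yield f"managed:{pname}", stmt
    for group in entity.get("groups", []):
        for pname in snap["groups"][group]:
            for stmt in snap["policies"][pname]:
                yield f"group:{group}/managed:{pname}", stmt


def service_access(snap, kind, name, service):
    """Return the policy paths through which `name` can reach `service`.
    A Deny covering the whole service anywhere in the chain wins, as in
    IAM's evaluation order, and yields an empty list."""
    paths = []
    for path, stmt in statements_for(snap, kind, name):
        for pattern in _actions(stmt):
            if not _covers(pattern, service):
                continue
            if stmt["Effect"] == "Deny" and _whole_service(pattern, service):
                return []
            if stmt["Effect"] == "Allow" and path not in paths:
                paths.append(path)
    return paths


def users_with_access(snap, service):
    """Which IAM users reach a service, and by which path (group, attached, inline)."""
    result = {}
    for user in snap["users"]:
        paths = service_access(snap, "user", user, service)
        if paths:
            result[user] = paths
    return result


def compute_with_access(snap, service):
    """Which EC2 instances and Lambda functions reach a service. Compute
    resources only get permissions through the role they assume."""
    found = {}
    for kind in ("instances", "functions"):
        for resource, role in snap[kind].items():
            if service_access(snap, "role", role, service):
                found[resource] = role
    return found


def unused_services(snap, user):
    """Services a user is granted but has not been seen using."""
    granted = {s for s in snap["services"] if service_access(snap, "user", user, s)}
    return granted - set(snap["last_used"].get(user, []))


if __name__ == "__main__":
    print("s3 via users:", users_with_access(SNAPSHOT, "s3"))
    print("s3 via compute:", compute_with_access(SNAPSHOT, "s3"))
    for user in SNAPSHOT["users"]:
        print(user, "granted but unused:", sorted(unused_services(SNAPSHOT, user)))
```

Running it shows why the path matters: alice reaches S3 only through the Developers group, bob's group grants S3 but his inline `NoS3` deny removes it, and carol's `PowerUser` policy reaches everything except IAM, which its own `Deny` blocks. To run this against a real account you would populate the snapshot from the IAM, EC2 and Lambda APIs and replace `last_used` with IAM's service-last-accessed report.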

To use IAM visualization, do as follows:

  1. Go to Inventory > IAM.
  2. Click the topology icon.
  3. Select the AWS environment you want to investigate from the drop-down menu.
  4. Use the Resources and Services filters, or the search box, to customize your visualization.
  5. Click the icons to see additional information.

    For example, click the IAM group icon to see the IAM users in that group and the AWS services the group can access.