Explore Identities and Identity Policies
The Explore: Identities page provides a list of identities or policies and their summary information.
- The page displays identities by default. To display policies instead, select Policies from the dropdown. (Only summary information is currently available for policies.)
- Use the filters or search if you want to display a subset of identities or policies. By default, the page displays all identities from the latest week.
- Locate the identity that you want to investigate.
- Observe some of the identity information available in the table:
- Risk severity - Identify the most important to address
- Risks - Discover what types of risks exist
- Unused entitlements % - Determine which identities have excessive privileges
- Click an identity in the list to display its details.
- Save and share the view.
The following sections detail the actions you can take and the information you can view when exploring identities and policies.
Identities
To display identities, select Identities from the dropdown menu.
Identity Filters
Use the following methods to refine what is displayed in the identities list:
- Use the search function at the top of the page to select a filter, operator, and values.
- Click the filter dropdowns along the top of the page, select your choices, and click Show results. Click an active filter to remove it, or click Reset and then click Show results.
The following table lists available identity filters.
Filter | Description |
---|---|
Cloud provider | Display identities for the selected cloud provider. |
Account ID | Display identities for the selected account IDs. |
Principal ID | Display identities with matching principal IDs. |
Risk | Display identities with the selected risks. |
Identity type | Display identities of the selected types. |
Name | Display identities with matching names. |
Tags | Display identities with the selected tags. |
Access keys | Display identities with the selected access keys. |
Used entitlements % | Display identities with the selected percentage of the total granted entitlements that have been used. |
Unused entitlements % | Display identities with the selected percentage of the total granted entitlements that are unused. |
Risk severity | Display identities with the selected severities. |
Identities List
The list of identities appears below the filters and has the following information available.
Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.
To go to an identity's details page, click an identity.
Column | Description |
---|---|
Identity name | An identity name is a unique identifier or name assigned to an individual or entity within the cloud environment. It represents a specific user, service account, group, or role that has access rights and permissions to interact with the cloud resources and services. |
Identity type | An identity type refers to the classification or category of an identity within the cloud environment. Currently supported types: AWS group, AWS instance profile, AWS role, AWS root user, AWS service, AWS service-linked role, and AWS user. |
Risk severity | The risk severity is the highest severity of the risks that are associated with the identity. Click the risk severity for details about the associated risks. |
Risks | The risks that are associated with the identity. Color-coded icons indicate the risks' severities. Click the risks for details about the associated risks. Refer to Entitlement risks for a list of all possible risks. |
Used entitlements | The percentage and number of the total granted entitlements that are used. |
Unused entitlements | The percentage and number of the total granted entitlements that are unused. |
Resources used | The percentage and number of the resources the identity is entitled to that it has actually used in the past 180 days. A used resource is any digital asset that users, applications, or processes within the cloud environment have interacted with. |
Services used | The percentage and number of the services the identity is entitled to that it has actually accessed in the past 180 days. A used service is a specific cloud service that users, applications, or processes within the cloud environment have interacted with. |
Linked identities | The number of identities that are linked to this identity. When a linked identity is established, it lets users authenticate themselves using their credentials from the external identity provider, and the cloud service provider verifies the identity and grants access based on the linked association. To view the specific identities, expand the value. |
Last used | The last time the identity was used to access a resource or entitlement. |
Created on | The creation date. |
Principal ID | The principal ID from the cloud service provider. |
Provider | The cloud service provider. |
Account | The account ID from the cloud service provider. |
Tags | The tags assigned to the identity for categorization. |
Key ID | The key ID from the cloud service provider. |
Access keys | The access keys associated with the identity and whether they are active or inactive. You must guard them carefully because they can be used to access your cloud resources and perform unauthorized actions or compromise security. |
Risk Severity
The overall risk window provides a description and severity for each risk. To open this window, click the risk severity or risks.
To view the identity's details, click Investigate.
The overall risk is the highest severity of the risks that are associated with the identity. To lower the overall risk, address all of the highest severity risks. This would lower the risk score to the highest severity of the remaining risks.
For example, if an identity has a critical overall risk with two critical risks and three medium risks, fixing all critical risks would lower the overall risk to medium.
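The roll-up rule above (overall risk is the highest severity present; fixing every risk at that severity drops it to the next highest remaining), together with the Unused entitlements % column and the Risk severity / Unused entitlements % filters, as an added Python example; this is not code from the product. The severity ordering, the risk names and the identity rows are constructed for illustration.

```python
from dataclasses import dataclass

# Severity ranking for the roll-up. The page names only critical and medium;
# the full low < medium < high < critical ordering is an assumption.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Identity:
    name: str
    risks: list                # [(risk name, severity), ...]
    granted_entitlements: int
    used_entitlements: int

def overall_risk(risks):
    """Overall risk = highest severity among the identity's risks (None if it has none)."""
    if not risks:
        return None
    return max((sev for _, sev in risks), key=SEVERITY_RANK.__getitem__)

def after_fixing_highest(risks):
    """Risks left once every risk at the current highest severity is addressed."""
    top = overall_risk(risks)
    return [r for r in risks if r[1] != top]

def unused_entitlements_pct(granted, used):
    """Unused entitlements % as shown in the identities table."""
    if granted == 0:
        return 0.0
    return round(100.0 * (granted - used) / granted, 1)

def filter_identities(identities, min_severity="low", min_unused_pct=0.0):
    """Emulates combining the Risk severity and Unused entitlements % filters."""
    out = []
    for ident in identities:
        sev = overall_risk(ident.risks)
        if sev is None or SEVERITY_RANK[sev] < SEVERITY_RANK[min_severity]:
            continue
        if unused_entitlements_pct(ident.granted_entitlements, ident.used_entitlements) < min_unused_pct:
            continue
        out.append(ident.name)
    return out

# Constructed sample rows (hypothetical identities and risk names, not real data)
SAMPLE = [
    Identity("ci-deploy-role", [("Risk A", "critical"), ("Risk B", "critical"),
                                ("Risk C", "medium"), ("Risk D", "medium"), ("Risk E", "medium")], 40, 10),
    Identity("readonly-auditor", [("Risk C", "medium")], 20, 18),
    Identity("svc-linked-role", [], 5, 5),
]

if __name__ == "__main__":
    r = SAMPLE[0].risks
    print(overall_risk(r), "->", overall_risk(after_fixing_highest(r)))   # critical -> medium
    print(filter_identities(SAMPLE, min_severity="medium", min_unused_pct=50))
```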
Policies
To display policies, select Policies from the dropdown menu.
Policy Filters
Use the following methods to refine what is displayed in the policies list:
- Use the search function at the top of the page to select a filter, operator, and values.
- Click the filter dropdowns along the top of the page, select your choices, and click Show results. Click an active filter to remove it or click Reset and then click Show results.
The following table lists available policy filters.
Filter | Description |
---|---|
Cloud provider | Display policies for the selected cloud provider. |
Account | Display policies for the selected accounts. |
Policy type | Display policies of the selected types. |
Policy name | Display policies with matching names. |
Last updated | Display policies with matching update times. |
Created on | Display policies with matching creation times. |
Tags | Display policies with the selected tags. |
Policies List
The list of policies appears below the filters and has the following information available.
Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.
To go to a policy's details page, click a policy.
Column | Description |
---|---|
Policy name | Name of the policy. |
Policy type | Type of policy. Supported types include inline (group, role, user), managed (AWS, customer), and resource. |
Account | The account ID from the cloud service provider. |
Provider | The cloud service provider. |
Last updated | The last time the policy was updated. |
Policy ID | The policy ID from the cloud service provider. |
Tags | The tags assigned to the policy for categorization. |
Created on | The date the policy was created. |
Save and Share a View
When the page displays your desired data, click Save or Create view in the top right corner. This allows you to access the saved view later. You can also copy the link to a saved view by opening the list of saved views and clicking the Share view icon of the view you want to share. You can then send that link to others so they can see the same view. For more details about saved views, refer to Views Management.