title: AWS IAM monitoring integration

tags:

  • Integrations
  • Amazon integrations
  • AWS integrations list

metaDescription: New Relic's AWS IAM monitoring integration: what data it reports, and how to enable it.

redirects:

  • /docs/integrations/amazon-integrations/aws-integrations-list/aws-iam-monitoring-integration
  • /docs/aws-iam-integration
  • /docs/infrastructure/infrastructure-integrations/amazon-integrations/aws-iam-integration
  • /docs/infrastructure/amazon-integrations/amazon-integrations/aws-iam-monitoring-integration

New Relic infrastructure integrations include an AWS Identity and Access Management (IAM) integration for reporting your IAM data to New Relic. This document explains the integration's features, how to activate it, and what data can be reported.

Features

Amazon's Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

New Relic's IAM monitoring integration lets you capture the state of policies, users, groups, and roles at specific points in time. IAM data is also available for analysis in New Relic One.

Activate integration [#activate]

To enable this integration, follow the standard procedures to connect AWS services to New Relic.

Configuration and polling [#polling]

You can change the polling frequency and filter data using configuration options.

Default polling information for the AWS IAM integration:

  • New Relic polling interval: 5 minutes

Find and use data [#find-data]

To find this integration's data, go to one.newrelic.com > Infrastructure > AWS and select one of the IAM integration links.

You can query and explore your data using the IamAccountSummarySample event type.

Metric data [#metrics]

The IAM integration doesn't capture any performance metrics in the traditional sense of the word. But the integration does monitor the state of IAM service policies, users, groups, and roles at specific points in time, and uses that to create these count-based metrics:

  • Certificates per account
  • Groups per account
  • MFA devices per account
  • Roles per account
  • Users per account
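
The counts above are point-in-time snapshots, so they become useful for access review once consecutive polls are compared. The following Python is an added example, not New Relic code: it diffs successive snapshots per account and flags user growth that outpaces MFA device growth. The dictionary keys, account IDs, and sample values are constructed, because this page does not list the attribute names on `IamAccountSummarySample`.

```python
from collections import defaultdict

# Hypothetical keys for the five counts listed above; the attribute names
# on IamAccountSummarySample are not given on this page.
COUNTS = ("certificates", "groups", "mfa_devices", "roles", "users")

def snap(account, timestamp, *counts):
    """Build one constructed snapshot; counts follow the order of COUNTS."""
    return {"account": account, "timestamp": timestamp, **dict(zip(COUNTS, counts))}

def review_snapshots(samples):
    """Diff consecutive snapshots per account; return (account, ts, finding)."""
    by_account = defaultdict(list)
    for sample in samples:
        by_account[sample["account"]].append(sample)
    findings = []
    for account, snaps in sorted(by_account.items()):
        snaps.sort(key=lambda s: s["timestamp"])
        for prev, curr in zip(snaps, snaps[1:]):
            delta = {name: curr[name] - prev[name] for name in COUNTS}
            for name in COUNTS:
                if delta[name]:
                    findings.append((account, curr["timestamp"],
                        f"{name} {prev[name]} -> {curr[name]} ({delta[name]:+d})"))
            # New users without as many new MFA devices: some of the new
            # principals may have no MFA device registered.
            if delta["users"] > 0 and delta["mfa_devices"] < delta["users"]:
                findings.append((account, curr["timestamp"],
                                 "users grew faster than MFA devices"))
    return findings

# Constructed samples, 300 seconds apart to match the 5-minute polling interval.
SAMPLES = [
    snap("111111111111", 600, 1, 4, 9, 21, 11),  # deliberately out of order
    snap("111111111111", 0, 1, 4, 9, 20, 9),
    snap("111111111111", 300, 1, 4, 9, 20, 9),
    snap("222222222222", 0, 0, 2, 3, 7, 3),
    snap("222222222222", 300, 0, 2, 4, 7, 4),
]

if __name__ == "__main__":
    for account, ts, finding in review_snapshots(SAMPLES):
        print(f"{account} t={ts}s {finding}")
```

A count delta only says that something changed; the inventory data or CloudTrail is where you would look up which principal was created or modified.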

Inventory data [#inventory]

After March 2022, we're discontinuing support for several capabilities, including inventory data for cloud integrations. For more details, including how you can easily prepare for this transition, see our [Explorers Hub post](https://discuss.newrelic.com).

The IAM integration reports this inventory data:

<table>
  <thead>
    <tr>
      <th>
        Name
      </th>

      <th>
        Description
      </th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>
        `group`
      </td>

      <td>
        High level information about the [Group](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Group.html) and detailed information on the [group attributes](http://docs.aws.amazon.com/IAM/latest/APIReference/API_GroupDetail.html).
      </td>
    </tr>

    <tr>
      <td>
        `policy`
      </td>

      <td>
        Information about the managed [policy](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Policy.html).
      </td>
    </tr>

    <tr>
      <td>
        `role`
      </td>

      <td>
        Information about the IAM [role](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html).
      </td>
    </tr>

    <tr>
      <td>
        `server-certificate`
      </td>

      <td>
        Information about the [server certificate](http://docs.aws.amazon.com/IAM/latest/APIReference/API_ServerCertificate.html).
      </td>
    </tr>

    <tr>
      <td>
        `user`
      </td>

      <td>
        Information about the [user](http://docs.aws.amazon.com/IAM/latest/APIReference/API_User.html) and [user details](http://docs.aws.amazon.com/IAM/latest/APIReference/API_UserDetail.html).
      </td>
    </tr>

    <tr>
      <td>
        `virtual-mfa`
      </td>

      <td>
        Information about the [virtual MFA device](http://docs.aws.amazon.com/IAM/latest/APIReference/API_VirtualMFADevice.html).
      </td>
    </tr>
  </tbody>
</table>