title | tags | metaDescription | redirects | |||||||
---|---|---|---|---|---|---|---|---|---|---|
AWS IAM monitoring integration |
|
New Relic's AWS IAM monitoring integration: what data it reports, and how to enable it. |
|
New Relic infrastructure integrations include an AWS Identity and Access Management (IAM) integration for reporting your IAM data to New Relic. This document explains the integration's features, how to activate it, and what data can be reported.
Amazon's Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
New Relic's IAM monitoring integration lets you capture the state of policies, users, groups, and roles at specific points in time. IAM data is also available for analysis in New Relic One.
To enable this integration follow standard procedures to Connect AWS services to New Relic.
You can change the polling frequency and filter data using configuration options.
Default polling information for the AWS IAM integration:
- New Relic polling interval: 5 minutes
To find this integration's data, go to one.newrelic.com > Infrastructure > AWS and select one of the IAM integration links.
You can query and explore your data using the IamAccountSummarySample
event type.
The IAM integration doesn't capture any performance metrics in the traditional sense of the word. But the integration does monitor the state of IAM service policies, users, groups, and roles at specific points in time, and uses that to create these count-based metrics:
- Certificates per account
- Groups per account
- MFA devices per account
- Roles per account
- Users per account
The IAM integration reports this inventory data:
<th>
Description
</th>
</tr>
<td>
High level information about the [Group](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Group.html) and detailed information on the [group attributes](http://docs.aws.amazon.com/IAM/latest/APIReference/API_GroupDetail.html).
</td>
</tr>
<tr>
<td>
`policy`
</td>
<td>
Information about the managed [policy](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Policy.html).
</td>
</tr>
<tr>
<td>
`role`
</td>
<td>
Information about the IAM [role](http://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html).
</td>
</tr>
<tr>
<td>
`server-certificate`
</td>
<td>
Information about the [server certificate](http://docs.aws.amazon.com/IAM/latest/APIReference/API_ServerCertificate.html).
</td>
</tr>
<tr>
<td>
`user`
</td>
<td>
Information about the [user](http://docs.aws.amazon.com/IAM/latest/APIReference/API_User.html) and [user details](http://docs.aws.amazon.com/IAM/latest/APIReference/API_UserDetail.html).
</td>
</tr>
<tr>
<td>
`virtual-mfa`
</td>
<td>
Information about the [virtual MFA device](http://docs.aws.amazon.com/IAM/latest/APIReference/API_VirtualMFADevice.html).
</td>
</tr>
Name |
---|
`group` |