Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Construct for IAM Access Analyzer #5277

Open
nataibi opened this issue Dec 2, 2019 · 1 comment
Open

Construct for IAM Access Analyzer #5277

nataibi opened this issue Dec 2, 2019 · 1 comment
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management effort/large Large work item – several weeks of effort feature-request A feature should be added or improved. p2

Comments

@nataibi
Copy link
Contributor

nataibi commented Dec 2, 2019
edited
Loading

The announcement of IAM Access Analyzer on the 2nd December sees the introduction of a capability that mathematically analyzes access control policies attached to resources (S3, IAM Role, Lambda, KMS etc ...) and determines which resources can be accessed publicly or from other accounts

Use Case

This service provides a greater visibility into the aggregate impact of your access control strategy, making it easy to report and to automatically respond to findings unintended resource access

Proposed Solution

Implement CloudFormation Resource and CDK Construct for https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html

Other

References

https://aws.amazon.com/iam/features/analyze-access/

https://aws.amazon.com/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/

https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

This is a 🚀 Feature Request
@nataibi nataibi added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 2, 2019
@SomayaB SomayaB added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Dec 3, 2019
@rix0rrr rix0rrr added the effort/large Large work item – several weeks of effort label Jan 23, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Mar 5, 2020
@rix0rrr rix0rrr added the p2 label Aug 12, 2020
@rix0rrr rix0rrr removed their assignment Jun 3, 2021
@comcalvi
Copy link
Contributor

CFN resource has been added: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management effort/large Large work item – several weeks of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rix0rrr @SomayaB @nataibi @comcalvi