Table: aws_iam_account_summary - Query AWS Identity and Access Management (IAM) Account Summary using SQL
The AWS Identity and Access Management (IAM) Account Summary provides an overview of your AWS security settings including users, groups, roles, and policies in your account. This service is useful for auditing and monitoring purposes, allowing you to ensure your account is secure and compliant with your organization's policies. It provides a user-friendly SQL interface for querying your IAM settings.
Table Usage Guide
The aws_iam_account_summary
table in Steampipe provides you with information about the AWS IAM Account Summary. This table allows you, as a DevOps engineer, to query IAM usage and resource consumption details, including users, groups, roles, policies, and more. You can utilize this table to gather insights on IAM usage, such as the number of users, roles, and policies, and verify the usage against AWS service limits. The schema outlines the various attributes of the IAM Account Summary, including the summary map and account ID.
Important Notes
- The number and size of IAM resources in your AWS account are limited. For more information, see IAM and STS Quotas in the IAM User Guide.
Examples
List the IAM summary for the account
Analyze the general overview of your AWS Identity and Access Management (IAM) to gain insights into user access and permissions within your account. This could be beneficial in identifying potential security risks or for general account management.
select *from aws_iam_account_summary;
select *from aws_iam_account_summary;
Ensure MFA is enabled for the "root" account (CIS v1.1.13)
Determine the areas in which Multi-Factor Authentication (MFA) is activated for the primary account to enhance security measures as per CIS v1.1.13 guidelines.
select account_mfa_enabledfrom aws_iam_account_summary;
select account_mfa_enabledfrom aws_iam_account_summary;
Summary report - Total number of IAM resources in the account by type
Determine the distribution of different types of Identity and Access Management (IAM) resources in your AWS account. This can help you understand the composition of your IAM resources and manage them more effectively.
select users, groups, roles, policiesfrom aws_iam_account_summary;
select users, groups, roles, policiesfrom aws_iam_account_summary;
Schema for aws_iam_account_summary
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
access_keys_per_user_quota | bigint | Specifies the allowed quota of access keys per user. | |
account_access_keys_present | bigint | Specifies the number of account level access keys present. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
account_mfa_enabled | boolean | Specifies whether MFA is enabled for the account. | |
account_signing_certificates_present | bigint | Specifies the number of account signing certificates present. | |
assume_role_policy_size_quota | bigint | Specifies the allowed assume role policy size. | |
attached_policies_per_group_quota | bigint | Specifies the allowed attached policies per group. | |
attached_policies_per_role_quota | bigint | Specifies the allowed attached policies per role. | |
attached_policies_per_user_quota | bigint | Specifies the allowed attached policies per user. | |
global_endpoint_token_version | bigint | Specifies the token version of the global endpoint. | |
group_policy_size_quota | bigint | Specifies the allowed group policy size. | |
groups | bigint | Specifies the number of groups. | |
groups_per_user_quota | bigint | Specifies the allowed number of groups. | |
groups_quota | bigint | Specifies the allowed number of groups. | |
instance_profiles | bigint | Specifies the number of groups. | |
instance_profiles_quota | bigint | Specifies the allowed number of groups. | |
mfa_devices | bigint | Specifies the number of MFA devices. | |
mfa_devices_in_use | bigint | Specifies the number of MFA devices in use. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
policies | bigint | Specifies the number of policies. | |
policies_quota | bigint | Specifies the allowed number of policies. | |
policy_size_quota | bigint | Specifies the allowed size of policies. | |
policy_versions_in_use | bigint | Specifies the number of policy versions in use. | |
policy_versions_in_use_quota | bigint | Specifies the allowed number of policy versions. | |
providers | bigint | Specifies the number of providers. | |
region | text | The AWS Region in which the resource is located. | |
role_policy_size_quota | bigint | Specifies the allowed role policy size. | |
roles | bigint | Specifies the number of roles. | |
roles_quota | bigint | Specifies the allowed number of roles. | |
server_certificates | bigint | Specifies the number of server certificates. | |
server_certificates_quota | bigint | Specifies the allowed number of server certificates. | |
signing_certificates_per_user_quota | bigint | Specifies the allowed number of signing certificates per user. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
user_policy_size_quota | bigint | Specifies the allowed user policy size. | |
users | bigint | Specifies the number of users. | |
users_quota | bigint | Specifies the allowed number of users. | |
versions_per_policy_quota | bigint | Specifies the allowed number of versions per policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_iam_account_summary