- Más nuevo
- Más votos
- Más comentarios
UPDATE - specifically regarding KMS Keys - there is no ability to use the kms:ListKeys action from another AWS Account. I'm not aware of anything similar to the IAM credential report for KMS.
The following helps with IAM credentials:
You can generate a credential report for a single AWS account which will list out all credentials in a specific account: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
To do this at scale we have a blog post with corresponding templates to generate this across all your accounts: https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
This will also include details of when a key was last used – you’re likely also interested in where it was last used. Querying CloudTrail with Athena is a good next step for digging deeper: https://aws.amazon.com/premiumsupport/knowledge-center/athena-tables-search-cloudtrail-logs/
Contenido relevante
OFICIAL DE AWSActualizada hace 2 años- OFICIAL DE AWSActualizada hace 3 meses
- OFICIAL DE AWSActualizada hace 3 años
Is it possible to have a single master level credential through which we can query the resources of all the child accounts in an AWS Organization account?