- Le plus récent
- Le plus de votes
- La plupart des commentaires
UPDATE - specifically regarding KMS Keys - there is no ability to use the kms:ListKeys action from another AWS Account. I'm not aware of anything similar to the IAM credential report for KMS.
The following helps with IAM credentials:
You can generate a credential report for a single AWS account which will list out all credentials in a specific account: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
To do this at scale we have a blog post with corresponding templates to generate this across all your accounts: https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
This will also include details of when a key was last used – you’re likely also interested in where it was last used. Querying CloudTrail with Athena is a good next step for digging deeper: https://aws.amazon.com/premiumsupport/knowledge-center/athena-tables-search-cloudtrail-logs/
Contenus pertinents
- demandé il y a un an
- demandé il y a 2 mois
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 3 mois- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Is it possible to have a single master level credential through which we can query the resources of all the child accounts in an AWS Organization account?