Why doesn't IAM show user principal IDs nor allow for searching?

0

From GuardDuty we get notifications about modifications to S3 buckets in the format

    {
      "Records": [
        {
          "eventVersion": "2.1",
          "eventSource": "aws:s3",
          "awsRegion": "ap-southeast-1",
          "eventTime": "DATETIME",
          "eventName": "ObjectCreated:Put",
          "userIdentity": { "principalId": "AWS:21CHARACTER" },
          "requestParameters": { "sourceIPAddress": "1.2.3.4" },
          "responseElements": {
            "x-amz-request-id": "X-AMZ-REQUEST-ID",
            "x-amz-id-2": "X-AMZ-ID-2"
          },
          "s3": {
            "s3SchemaVersion": "1.0",
            "configurationId": "CONFIGURATIONID",
            "bucket": {
              "name": "BUCKETNAME",
              "ownerIdentity": { "principalId": "14CHARACTER" },
              "arn": "arn:aws:s3:::BUCKETNAME"
            },
            "object": {
              "key": "FILE.NAME",
              "size": 1234,
              "eTag": "ETAG",
              "sequencer": "SEQUENCER"
            }
          }
        }
      ]
    }
  1. Why doesn't it report the user ARN?
  2. Why does IAM not show each user's (21-character) principal ID?
  3. Why does IAM not make principal ID searchable?
  4. Why does AWS CLI iam get-user not implement get by principal ID?
  5. Why does it have to be iam list-users to pull every user to manually check?
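One way to do the lookup the question describes (pull the user list and match the unique ID) without doing it by hand. This is an added example, not code from the question or from AWS: it parses the `userIdentity.principalId` from a notification in the format above, strips the `AWS:` prefix, and matches the remaining unique ID against the `UserId` values returned by `iam list-users` (and, as an assumption not covered by the question, against `RoleId` from `iam list-roles`, since the same field carries `AWS:AROA...:session-name` for assumed-role sessions). The sample event, user list and role list are constructed placeholders, including the account ID `123456789012`; the `fetch_index_from_iam` helper shows where the live, paginated boto3 calls would go but is not executed here.

```python
import json

# Constructed sample notification in the shape shown in the question.
# The 21-character IDs are made-up placeholders, not real AWS identifiers.
SAMPLE_EVENT = json.dumps({
    "Records": [
        {
            "eventName": "ObjectCreated:Put",
            "userIdentity": {"principalId": "AWS:AIDAEXAMPLEUSER000001"},
            "s3": {"bucket": {"name": "BUCKETNAME"}, "object": {"key": "FILE.NAME"}},
        },
        {   # assumption: assumed-role sessions carry "AWS:<RoleId>:<session-name>"
            "eventName": "ObjectRemoved:Delete",
            "userIdentity": {"principalId": "AWS:AROAEXAMPLEROLE000001:deploy-session"},
            "s3": {"bucket": {"name": "BUCKETNAME"}, "object": {"key": "other.file"}},
        },
        {   # a principal that no longer exists (or belongs to another account)
            "eventName": "ObjectCreated:Put",
            "userIdentity": {"principalId": "AWS:AIDAEXAMPLEGONE000001"},
            "s3": {"bucket": {"name": "BUCKETNAME"}, "object": {"key": "stale.file"}},
        },
    ]
})

# Constructed stand-ins for the "Users" / "Roles" lists that
# `aws iam list-users` and `aws iam list-roles` return.
SAMPLE_USERS = [
    {"UserName": "alice", "UserId": "AIDAEXAMPLEUSER000001",
     "Arn": "arn:aws:iam::123456789012:user/alice"},
]
SAMPLE_ROLES = [
    {"RoleName": "Deployer", "RoleId": "AROAEXAMPLEROLE000001",
     "Arn": "arn:aws:iam::123456789012:role/Deployer"},
]


def parse_principal(principal_id: str) -> dict:
    """Split "AWS:<unique-id>[:<session-name>]" into its parts.

    IAM user unique IDs start with AIDA and role unique IDs with AROA; the
    optional third field is the session name of an assumed-role session.
    """
    parts = principal_id.split(":")
    if parts[0] != "AWS" or len(parts) < 2 or not parts[1]:
        raise ValueError(f"unexpected principalId format: {principal_id!r}")
    return {"unique_id": parts[1], "session_name": parts[2] if len(parts) > 2 else None}


def index_principals(users: list, roles: list) -> dict:
    """Build a unique-ID -> ARN map from list-users / list-roles style records."""
    index = {u["UserId"]: u["Arn"] for u in users}
    index.update({r["RoleId"]: r["Arn"] for r in roles})
    return index


def resolve_event(event_json: str, index: dict) -> list:
    """Attach an ARN (or None when unknown) to every record in a notification."""
    results = []
    for rec in json.loads(event_json)["Records"]:
        p = parse_principal(rec["userIdentity"]["principalId"])
        results.append({
            "event": rec["eventName"],
            "bucket": rec["s3"]["bucket"]["name"],
            "key": rec["s3"]["object"]["key"],
            "unique_id": p["unique_id"],
            "session_name": p["session_name"],
            # None: deleted principal, another account, or not an IAM user/role
            "arn": index.get(p["unique_id"]),
        })
    return results


def fetch_index_from_iam() -> dict:
    """Live variant (not run here): page through IAM with boto3 and index it."""
    import boto3  # assumption: boto3 is installed and credentials are configured
    iam = boto3.client("iam")
    users = [u for page in iam.get_paginator("list_users").paginate() for u in page["Users"]]
    roles = [r for page in iam.get_paginator("list_roles").paginate() for r in page["Roles"]]
    return index_principals(users, roles)


if __name__ == "__main__":
    for row in resolve_event(SAMPLE_EVENT, index_principals(SAMPLE_USERS, SAMPLE_ROLES)):
        print(row)
```

Build the index once per run rather than per event: listing users and roles is paginated and rate-limited, and the unique IDs are stable for the lifetime of the principal. A `None` ARN is worth alerting on rather than ignoring, since it means the writer was a principal the account no longer lists. CloudTrail S3 data events, unlike the notification format above, carry the full `userIdentity.arn`, so where they are enabled they give the ARN directly without this lookup.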
1 answer
-1

There have been security findings that have indicated that the AWS account ID is sensitive. It is therefore imperative, from a security standpoint, that the account ID be protected. Most of the things that you appear to desire would expose the account ID.

Answered 2 years ago
  • So executing aws iam list-users to get everybody's principal ID is not sensitive?
