For sensitive questions, I'd reach out to AWS Support for help as well.
For AWS Management API calls, including IAM changes such as:
- AttachRolePolicy
- PutRolePolicy (inline policy on a role), like you've seen

More information about CloudTrail logging: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
In CloudTrail, you can filter by dates and search by events as well. For checking the Lambda, you can check invocation of the Lambda (the Lambda being run as well).
There are some AWS services that offer checks like that, such as AWS Config: https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-admin-access.html, but you may want to evaluate the cost of those services as well.
For information about what to do with a suspected compromise, read here: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/.
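As an added example (not part of the answer above and not AWS code), the following Python script applies several criteria at once to CloudTrail records: event name, time range, caller ARN and target role. The records are constructed sample data in the shape CloudTrail delivers to S3 (a `Records` array); the account ID, ARNs and function name are made up.

```python
import json
from datetime import datetime, timezone

# Constructed sample CloudTrail records (not real log data): two IAM changes
# to the same role and one Lambda invocation, in CloudTrail's S3 delivery format.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"roleName": "app-role",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutRolePolicy",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"},
     "requestParameters": {"roleName": "app-role", "policyName": "inline-admin"}},
    {"eventTime": "2024-05-02T09:00:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "Invoke",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"functionName": "cleanup"}},
]})

# The two IAM management events the answer above highlights.
IAM_CHANGE_EVENTS = {"AttachRolePolicy", "PutRolePolicy"}


def parse_records(raw_json):
    """Load a CloudTrail log file body and return its list of event records."""
    return json.loads(raw_json)["Records"]


def find_events(records, event_names, start=None, end=None,
                caller_arn_contains=None, role_name=None):
    """Return the records that satisfy every criterion given (all are ANDed).

    The console's Event history filters on one attribute at a time; post-filtering
    exported records like this lets you combine event name, time, caller and role.
    """
    hits = []
    for rec in records:
        if rec.get("eventName") not in event_names:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if start and when < start or end and when > end:
            continue
        arn = rec.get("userIdentity", {}).get("arn", "")
        if caller_arn_contains and caller_arn_contains not in arn:
            continue
        if role_name and rec.get("requestParameters", {}).get("roleName") != role_name:
            continue
        hits.append(rec)
    return hits
```

Pointing `parse_records` at a file downloaded from the trail's S3 bucket gives the same result over real records.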
Hi, I checked CloudTrail, defined the time range, then searched by event name: AttachRolePolicy.
I want to further restrict by user or other criteria; how do I do that? It only allows me to search by one criterion, for example event name.