AWS Identity and Access Management (IAM) is the product of choice for many enterprise organizations to manage authentication and authorization; it allows customers to specify authorization policies to permit or deny actions for services and resources within and across accounts.
However, the vast scope of granular service-level permissions, VM and service account authorization to AWS resources, and user federation in AWS IAM make it inherently complex. The AWS IAM User Guide alone runs to 888 pages and continues to expand. As a result, managing AWS IAM and auditing access permissions is error-prone, time-consuming, and costly.
Veza discovers the relationships between human and non-human (e.g., service account) AWS IAM principals, policies, services, and data sources, and enables security teams to assess, query, and monitor authorization across your organization’s AWS accounts. Veza also surfaces ACLs and local users that may hold permissions not visible through AWS IAM itself. We can connect to your identity provider to give a complete end-to-end picture, beyond the role in AWS alone, of who can and should take what action on what data.