Enable IAM Security

Activate the IAM Security module in Prisma™ Cloud so that you have Cloud Infrastructure Entitlement Management (CIEM) functionality.
You can enable the IAM Security module on Prisma Cloud in a couple of clicks, because it requires the same permissions you provided when onboarding your AWS account on Prisma Cloud. No new permissions are required to get all of the effective permissions calculations and all the write events.
  1. Log in to the Prisma Cloud administrative console.
  2. Onboard your AWS account on Prisma Cloud.
    Verify that you have onboarded with AWS CloudTrail so that you receive excessive permissions alerts.
  3. Enable the IAM Security module.
    1. Select Subscription to see the options you have available on your Prisma Cloud tenant.
    2. Click Learn More under the IAM Security icon.
    3. Click Start 30 Day Trial, and then click Agree & Submit.
    4. Verify that your installation was successful.
  4. Investigate with RQL.
    After the IAM Security module has been successfully activated, RQL will be extended to include the iam query. Enter the query in the Investigate tab to confirm that the iam module has been enabled:
    config from iam where source.cloud.service.name = 'iam' and source.cloud.resource.type = 'user' and source.cloud.resource.name = 'my-user'
    After the RQL has been rendered successfully, a green check mark will appear in the search field.
    Read the documentation for more information on how to use the iam query.
