Learn why the IAM Security module helps you reduce risk
and improve your security posture.
Prisma Cloud IAM security capabilities
help you evaluate the effective permissions assigned to users, workloads
and data (also called entitlements) on your cloud provider so that
you can properly administer identity and access management (IAM)
policies and enforce access using the principle of least privilege.
IAM Security gives you:
Visibility—Improve the visibility of effective permissions
to resources in the cloud accounts. You can query all relevant
IAM entities, including the relationships between the different
entities and the entities’ effective permissions across multiple
Governance—Monitor excess and unused privileges, provide out-of-the-box
security best practices policies and review cloud identity compliance
Response—Enables you to automatically adjust effective IAM permissions to
take action and reduce risk.
The IAM Security module runs a proprietary algorithm to calculate
effective permissions of the users across your AWS environments.
This algorithm combines various cloud sources such as AWS IAM roles,
AWS IAM policies, AWS IAM groups, AWS resource based policies, and
AWS service control policies (SCPs) to compute the net effective
permissions of cloud resources. It extends the Config query in RQL (for
config from iam where) to help you gain visibility into the entities
in your cloud environment.
For example, with the net effective permissions calculation you
can now discover the permissions for a specific user in your AWS
account, or which users have access to an S3 bucket.
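The following added example is not Prisma Cloud code and does not reproduce its proprietary algorithm. It is a simplified model of how the sources listed above (user and group policies, a resource-based policy, and SCPs) combine into one net decision, following AWS's documented evaluation order for a same-account IAM user. Assumptions: permission boundaries, session policies, roles and condition keys are left out, and all ARNs, policy statements and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: every ARN and statement here is made up for illustration.
USER = "arn:aws:iam::111122223333:user/alice"
BUCKET = "arn:aws:s3:::example-logs"

def stmt(effect, actions, resources, principal=None):
    return {"effect": effect, "actions": actions,
            "resources": resources, "principal": principal}

USER_POLICIES = [stmt("Allow", ["s3:GetObject"], [BUCKET + "/*"])]
GROUP_POLICIES = [stmt("Allow", ["s3:*"], ["*"])]  # inherited through group membership
BUCKET_POLICY = [  # resource-based policy attached to the bucket
    stmt("Allow", ["s3:ListBucket"], [BUCKET], principal=USER),
    stmt("Deny", ["s3:DeleteObject"], [BUCKET + "/*"], principal="*"),
]
SCPS = [stmt("Allow", ["s3:Get*", "s3:List*", "s3:DeleteObject"], ["*"])]

def matches(s, principal, action, resource):
    """True if statement s covers the request. fnmatch's * and ? behave like
    IAM wildcards for these inputs; action names compare case-insensitively."""
    if s["principal"] not in (None, "*", principal):
        return False
    return (any(fnmatchcase(action.lower(), a.lower()) for a in s["actions"])
            and any(fnmatchcase(resource, r) for r in s["resources"]))

def effective(principal, action, resource, identity, resource_policy, scps):
    """Net decision for one request by a same-account IAM user."""
    def hit(policies, effect):
        return any(s["effect"] == effect and matches(s, principal, action, resource)
                   for s in policies)
    if hit(identity + resource_policy + scps, "Deny"):
        return "explicit deny"            # a Deny anywhere wins
    if not hit(scps, "Allow"):
        return "implicit deny (SCP)"      # SCPs cap what the account can use
    if hit(identity, "Allow") or hit(resource_policy, "Allow"):
        return "allow"
    return "implicit deny"

def check(action, resource):
    return effective(USER, action, resource,
                     USER_POLICIES + GROUP_POLICIES, BUCKET_POLICY, SCPS)

if __name__ == "__main__":
    for action, res in [("s3:GetObject", BUCKET + "/app.log"),
                        ("s3:PutObject", BUCKET + "/app.log"),
                        ("s3:DeleteObject", BUCKET + "/app.log"),
                        ("s3:ListBucket", BUCKET)]:
        print(f"{action:16} {res:32} -> {check(action, res)}")
```

The group policy grants s3:* on every resource, yet the net result for s3:PutObject is a deny because the SCP never allows it. This gap between granted and effective permissions is what a least-privilege review has to account for.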