
Resources attached to an AWS IAM Role

Is there a way to find out which resources are using an IAM role? I want to modify that role and wanted to check what could be affected by my modification.

Not quite.

Services can "assume" a role. This happens when the activity is run (eg when an AWS Lambda function is invoked, or when an Amazon EC2 instance is launched). Thus, there is no permanent 'link' between roles and services. Therefore, it is not possible to say "list me everything that is using this IAM Role".

However, you could list services and see which roles they are configured to use. For example, you could describe EC2 instances and check what IAM Role they are configured to use. However, you would need to do this for all services that you know are potentially using the roles.

You can find where an IAM role is used based on its past usage.

I can think of a few ways.

Method 1 - Access Advisor

  • Click the "Access Advisor" tab that appears when you open an IAM role
  • Check the last accessed time of each service

Method 2 - CloudTrail

The CLI command below will tell you which services/users assumed the role and also the actions they performed.

aws cloudtrail lookup-events --max-results 20 --lookup-attributes AttributeKey=ResourceName,AttributeValue=arn:aws:iam::012345678901:role/lambdaRole --output json --query "Events[*].[CloudTrailEvent]"
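The command above returns each CloudTrailEvent as a raw JSON string, which is awkward to read at volume. The following is an added example, not code from the original answer or from AWS, that parses that output and summarizes who assumed the role and which API actions its sessions performed; the events and the account ID are constructed sample data.

```python
import json
from collections import Counter

# Placeholder role ARN taken from the answer's command (not a real account).
ROLE_ARN = "arn:aws:iam::012345678901:role/lambdaRole"

def event(name, source, identity, params=None):
    """Build one CloudTrailEvent JSON string (constructed sample data)."""
    return json.dumps({"eventName": name, "eventSource": source,
                       "userIdentity": identity, "requestParameters": params or {}})

# Constructed stand-in for the CLI output: a list of [CloudTrailEvent] rows,
# which is the shape produced by --query "Events[*].[CloudTrailEvent]".
SAMPLE_OUTPUT = [
    [event("AssumeRole", "sts.amazonaws.com",
           {"type": "AWSService", "invokedBy": "lambda.amazonaws.com"},
           {"roleArn": ROLE_ARN, "roleSessionName": "my-function"})],
    [event("AssumeRole", "sts.amazonaws.com",
           {"type": "IAMUser", "arn": "arn:aws:iam::012345678901:user/alice"},
           {"roleArn": ROLE_ARN, "roleSessionName": "alice-cli"})],
    [event("GetObject", "s3.amazonaws.com",
           {"type": "AssumedRole",
            "sessionContext": {"sessionIssuer": {"arn": ROLE_ARN}}})],
    [event("AssumeRole", "sts.amazonaws.com",
           {"type": "AWSService", "invokedBy": "lambda.amazonaws.com"},
           {"roleArn": "arn:aws:iam::012345678901:role/otherRole"})],
]

def summarize_role_usage(rows, role_arn):
    """Return (who assumed the role, what its sessions did) from lookup-events rows."""
    assumers, actions = Counter(), Counter()
    for row in rows:
        ev = json.loads(row[0])
        ident = ev.get("userIdentity", {})
        params = ev.get("requestParameters", {})
        if ev.get("eventName") == "AssumeRole" and params.get("roleArn") == role_arn:
            # AWS services appear as invokedBy; users and roles carry their own ARN.
            assumers[ident.get("invokedBy") or ident.get("arn", "unknown")] += 1
        elif ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn") == role_arn:
            # Event performed under a session of this role: record the API action.
            actions[f"{ev['eventSource']}:{ev['eventName']}"] += 1
    return dict(assumers), dict(actions)

if __name__ == "__main__":
    who, what = summarize_role_usage(SAMPLE_OUTPUT, ROLE_ARN)
    print("assumed by:", who)
    print("actions:", what)
```

Note that lookup-events only searches the last 90 days of management events, so usage older than that has to come from the trail's log files in S3.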
