Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes made at the Identity and Access Management (IAM) service level, within your AWS account.
Amazon Identity and Access Management (IAM) is a web service that helps you securely control access to your AWS services and resources. With AWS IAM you can centrally manage users and groups, security credentials (i.e. access keys) and permissions that control which resources users and applications can access in your AWS account. Essentially, the IAM service is used to control who is authenticated (signed in) and authorized (has permissions) to use AWS cloud resources.
Cloud Conformity RTMA can detect any IAM configuration change made within your AWS account such as creating and deleting IAM user and roles, updating the password policy defined for your AWS account, attaching and detaching access policies to and from IAM entities, etc. Specifically, the activity detected by the current RTMA rule could be any user (root/IAM) request initiated through AWS Management Console or any AWS API request initiated programmatically using AWS CLI or SDKs, that executes the following Identity and Access Management (IAM) service actions:
Because AWS Identity and Access Management (IAM) is the main point of access control for resources and services within your AWS account, monitoring IAM configuration changes is vital for keeping your AWS cloud environment secure. As a security best practice, you need to be aware of any configuration change made at the Amazon IAM service level. Using Cloud Conformity RTMA to monitor IAM configuration changes can help you prevent any accidental or intentional modifications that may lead to severe security breaches, data leaks, data loss or unexpected charges on your AWS bill.