> For the complete documentation index, see [llms.txt](https://docs.forestall.io/fsprotect/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.forestall.io/fsprotect/aws-identities/users.md).

# Users

The Users page provides a list of enumerated IAM users in the entire AWS environment. The list contains the Privileged, Tier, Console Access, MFA Enabled, Risk Score, Exposure Point and Issue Counts.

<figure><img src="/files/wRAv1PU0uv4YfEOwiY4A" alt=""><figcaption><p>Users</p></figcaption></figure>

## User Details

Details page contains the Risk Score of the user, Exposure Point, Information and Issues panes.

{% hint style="info" %}
You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.
{% endhint %}

<figure><img src="/files/kx48dys4jSeZHYdHVi04" alt=""><figcaption><p>User Details</p></figcaption></figure>

## Information

Information Pane can contain different badges to highlight important attributes.

| Badge          | Description                                                                           |
| -------------- | ------------------------------------------------------------------------------------- |
| Privileged     | Indicates that the object is Privileged.                                              |
| Tier           | Indicates that the object tier according to risk score and importance.                |
| Console Access | Indicates that the user has AWS Management Console access.                            |
| Shadow Admin   | Indicates that the object can compromise admin objects with at least one attack path. |

\
Information Pane contains Details, Groups, Policies, Access Keys tabs.

\
**Details**

Details tab contains attributes below about the IAM user object.

| Attribute            | Description                                                                             |
| -------------------- | --------------------------------------------------------------------------------------- |
| Username             | The IAM username used to identify and sign in to AWS services.                          |
| User ID              | The unique identifier assigned to the IAM user by AWS.                                  |
| ARN                  | The Amazon Resource Name that uniquely identifies the IAM user across AWS.              |
| Account ID           | The AWS account ID that the IAM user belongs to.                                        |
| Path                 | The path associated with the IAM user, used for organizational grouping.                |
| Region               | The AWS region type associated with the account (e.g., Commercial, GovCloud, China).    |
| Created              | The date and time when the IAM user was created.                                        |
| Password Last Used   | The most recent date and time the user signed in using a password; blank if never used. |
| Has Password         | Indicates whether the user has a console login password configured.                     |
| MFA Enabled          | Indicates whether multi-factor authentication is enabled for the user.                  |
| Console Access       | Indicates whether the user is allowed to sign in to the AWS Management Console.         |
| Permissions Boundary | The managed policy used to set the maximum permissions for the user; blank if not set.  |
| Source Tenant        | The name of the tenant or configuration source from which the user was scanned.         |
| Object ID            | The unique identifier of the user object, equivalent to the IAM User ID.                |

***

**Groups**

Groups tab contains a list of IAM groups that the user is a member of. This list also contains group-level details to identify the privilege levels of these groups.

<figure><img src="/files/AcDYvmscLfEPtzOcvxYq" alt=""><figcaption><p>Groups</p></figcaption></figure>

***

**Policies**

Policies tab contains a list of IAM policies attached to the user, including both managed and inline policies. This list also contains columns such as AWS Managed and Grants Admin Privileges to identify the scope and risk level of each policy.

<figure><img src="/files/AQhGadWLiHfnZpcVN2dj" alt=""><figcaption><p>Policies</p></figcaption></figure>

***

**Access Keys**

Access Keys tab contains a list of programmatic access keys associated with the user. This list also contains Status and Last Used columns to identify whether the keys are active and recently used.

<figure><img src="/files/pvRsZQA3nPFEpZZyrU5d" alt=""><figcaption><p>Access Keys</p></figcaption></figure>

***

**Issues**

Issues pane contains identified security issues on the IAM user object.

<figure><img src="/files/jIXWJAhgz3DiE2f2Vucm" alt=""><figcaption><p>Issues</p></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.forestall.io/fsprotect/aws-identities/users.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.