# AWS IAM User

### AWS IAM User Fields

| Field               | Type    | Possible Operators                                             | Description                                                                                                                   |
| ------------------- | ------- | -------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| Guid                | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | A unique identifier that is a combination of the GUID of the selected Scan and the AWS IAM User's unique ID.                  |
| FSName              | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | A special unique identifier that is a combination of the UserName and the AWS Account ID.                                     |
| Arn                 | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | Amazon Resource Name that uniquely identifies this IAM user across all of AWS.                                                |
| AccountId           | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS account ID that this IAM user belongs to.                                                                             |
| Region              | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS region associated with this IAM user.                                                                                 |
| OrganizationId      | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS Organizations ID that this user's account belongs to.                                                                 |
| UserName            | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The friendly name identifying the IAM user.                                                                                   |
| Path                | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The path to the user in the IAM hierarchy. Used to organize users.                                                            |
| PermissionsBoundary | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The ARN of the policy used to set the permissions boundary for the user. Limits the maximum permissions the user can have.    |
| HasPassword         | BOOLEAN | N/A                                                            | Indicates whether the user has a console login password set.                                                                  |
| MfaEnabled          | BOOLEAN | N/A                                                            | Indicates whether Multi-Factor Authentication (MFA) is enabled for this user.                                                 |
| HasConsoleAccess    | BOOLEAN | N/A                                                            | Indicates whether the user has AWS Management Console access enabled.                                                         |
| IsPrivileged        | BOOLEAN | N/A                                                            | Indicates whether the user has been identified as privileged based on their effective permissions.                            |
| IsStealth           | BOOLEAN | N/A                                                            | Indicates that the user can compromise admin objects with at least one attack path without being an explicit admin.           |
| IsInactive          | BOOLEAN | N/A                                                            | Indicates whether the user has been inactive (no console or API activity) for longer than the defined inactivity threshold.   |
| AWSTier             | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | Privilege tier of the user based on their effective permissions. Higher values indicate greater privilege.                    |
| CreateDate          | DATE    | SMALLER, LARGER, BETWEEN, EQUAL                                | The date and time when the IAM user was created.                                                                              |
| PasswordLastUsed    | DATE    | SMALLER, LARGER, BETWEEN, EQUAL                                | The date and time when the user's password was last used to sign in to the AWS Management Console.                            |
| ExposurePoint       | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | A numerical value indicating the level of exposure based on how many other entities can reach this user through attack paths. |
| risk                | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | The risk score of the user calculated based on vulnerability counts and severities.                                           |


