AWS IAM User
AWS IAM User Fields
| Field | Type | Operators | Description |
| --- | --- | --- | --- |
| Guid | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | A unique identifier that is a combination of the GUID of the selected Scan and the AWS IAM User's unique ID. |
| FSName | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | A special unique identifier that is a combination of the UserName and the AWS Account ID. |
| Arn | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | Amazon Resource Name that uniquely identifies this IAM user across all of AWS. |
| AccountId | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The AWS account ID that this IAM user belongs to. |
| Region | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The AWS region associated with this IAM user. |
| OrganizationId | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The AWS Organizations ID that this user's account belongs to. |
| UserName | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The friendly name identifying the IAM user. |
| Path | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The path to the user in the IAM hierarchy. Used to organize users. |
| PermissionsBoundary | TEXT | LIKE, NOT_LIKE, EQUAL, NOT_EQUAL, IS_EMPTY | The ARN of the policy used to set the permissions boundary for the user. Limits the maximum permissions the user can have. |
| HasPassword | BOOLEAN | N/A | Indicates whether the user has a console login password set. |
| MfaEnabled | BOOLEAN | N/A | Indicates whether Multi-Factor Authentication (MFA) is enabled for this user. |
| HasConsoleAccess | BOOLEAN | N/A | Indicates whether the user has AWS Management Console access enabled. |
| IsPrivileged | BOOLEAN | N/A | Indicates whether the user has been identified as privileged based on their effective permissions. |
| IsStealth | BOOLEAN | N/A | Indicates that the user can compromise admin objects with at least one attack path without being an explicit admin. |
| IsInactive | BOOLEAN | N/A | Indicates whether the user has been inactive (no console or API activity) for longer than the defined inactivity threshold. |
| AWSTier | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Privilege tier of the user based on their effective permissions. Higher values indicate greater privilege. |
| CreateDate | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date and time when the IAM user was created. |
| PasswordLastUsed | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date and time when the user's password was last used to sign in to the AWS Management Console. |
| ExposurePoint | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | A numerical value indicating the level of exposure based on how many other entities can reach this user through attack paths. |
| risk | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The risk score of the user calculated based on vulnerability counts and severities. |