You can view identity and access management (IAM) relationships.
Sophos Cloud Optix provides an easy-to-use visualization of your AWS and Azure IAM principals, services, and resources.
You can see relationships between services and resources such as IAM users, IAM groups, IAM roles, server instances, and functions. This helps you assess the risks associated with granting access to services.
Use IAM visualization to answer important questions, such as:
- Which virtual machine instances and serverless functions have access to a storage service?
- Which IAM users have access to a VM?
- How do IAM users access a specific service, for example via group membership, IAM roles, or directly via inline policies?
- Are any IAM users overprivileged? Do they have access to services they don't use?
To use IAM visualization, do as follows:
- Click IAM visualization.
- Select AWS or Azure.
- Select the environment you want to investigate.
- Use the Resources and Services filters, or the search box, to customize your visualization.
Click the icons to see additional information.
For example, in an AWS environment, click the IAM group icon to see the IAM users in that group and the AWS services they can access.
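The questions listed above come down to walking a relationship graph of users, groups, roles, and services. The following is an added example, not Sophos Cloud Optix code: it models that graph over constructed data and resolves access paths and unused grants. All names and the sample data are hypothetical, and each policy is reduced to a list of service names (no conditions, explicit denies, or resource scoping).

```python
# Constructed sample data (not from a real account); all names are hypothetical.
USERS = {
    "alice": {"groups": ["devs"], "roles": [], "inline": ["s3"]},
    "bob": {"groups": ["devs", "ops"], "roles": ["deploy-role"], "inline": []},
    "carol": {"groups": [], "roles": [], "inline": []},
}
GROUPS = {"devs": ["ec2", "lambda"], "ops": ["s3", "rds"]}   # group -> services
ROLES = {"deploy-role": ["s3", "lambda"]}                    # role -> services
# Services each user actually called in the review window (constructed).
USED = {"alice": {"s3", "ec2"}, "bob": {"s3"}, "carol": set()}


def access_paths(user, service):
    """Return every path by which `user` reaches `service`."""
    u = USERS[user]
    paths = []
    if service in u["inline"]:
        paths.append("inline policy")
    paths += [f"group:{g}" for g in u["groups"] if service in GROUPS[g]]
    paths += [f"role:{r}" for r in u["roles"] if service in ROLES[r]]
    return paths


def granted(user):
    """Union of services reachable through inline policies, groups, and roles."""
    u = USERS[user]
    services = set(u["inline"])
    for g in u["groups"]:
        services |= set(GROUPS[g])
    for r in u["roles"]:
        services |= set(ROLES[r])
    return services


def users_with_access(service):
    """Which users can reach `service` by any path?"""
    return sorted(u for u in USERS if access_paths(u, service))


def unused_grants(user):
    """Services granted but not used: candidates for removal (overprivilege)."""
    return sorted(granted(user) - USED.get(user, set()))


if __name__ == "__main__":
    for user in USERS:
        print(user, "s3 via", access_paths(user, "s3"), "| unused:", unused_grants(user))
```

A user who reaches the same service by more than one path, such as `bob` and `s3` here, keeps access until every path is removed.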