How To View AWS IAM Roles With Administrator Access Permissions Using RQL in Prisma Cloud

Created On 07/30/22 03:06 AM - Last Modified 02/07/25 21:40 PM


Objective


How to view AWS IAM roles that have administrator access permissions.

Environment


  • Prisma Cloud 
  • AWS 
  • RQL 


Procedure


  1. In the GUI, log in to the Prisma Cloud Console, go to Investigate, and search using the RQL below:
config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-iam-list-roles' as X; config from cloud.resource where api.name = 'aws-iam-get-policy-version' as Y; filter "($.X.inlinePolicies[*].policyDocument.Statement[?(@.Effect=='Allow' && @.Resource=='*')].Action any equal *) or ($.X.attachedPolicies[*].policyArn contains $.Y.policyArn and $.Y.document.Statement[?(@.Effect=='Allow' && @.Resource=='*')].Action any equal *)"; show X;
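
To cross-check the query's results against data pulled from AWS itself, the same condition can be evaluated offline. The following is an added example, not part of the original article or any Palo Alto Networks code: it assumes input shaped like the output of aws iam get-account-authorization-details, runs on constructed sample data, and goes slightly beyond the query by also accepting a Resource list that contains '*'.

```python
# Added example. Assumed input shape: `aws iam get-account-authorization-details`.
def as_list(value):
    """IAM JSON allows a single string/object wherever a list is valid."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def grants_admin(document):
    """True if a statement has Effect=Allow, Action '*' and Resource '*'."""
    return any(
        stmt.get("Effect") == "Allow"
        and "*" in as_list(stmt.get("Action"))
        and "*" in as_list(stmt.get("Resource"))
        for stmt in as_list(document.get("Statement"))
    )

def admin_roles(details):
    """Names of roles with an inline or attached policy that grants admin."""
    managed = {  # managed policy ARN -> default version document
        p["Arn"]: v["Document"]
        for p in details.get("Policies", [])
        for v in p.get("PolicyVersionList", []) if v.get("IsDefaultVersion")
    }
    found = []
    for role in details.get("RoleDetailList", []):
        docs = [p["PolicyDocument"] for p in role.get("RolePolicyList", [])]
        docs += [managed[a["PolicyArn"]]
                 for a in role.get("AttachedManagedPolicies", [])
                 if a["PolicyArn"] in managed]
        if any(grants_admin(d) for d in docs):
            found.append(role["RoleName"])
    return sorted(found)

ALLOW_ALL = {"Effect": "Allow", "Action": "*", "Resource": "*"}
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
SAMPLE = {  # constructed sample data, not from a real account
    "Policies": [{"Arn": ADMIN_ARN, "PolicyVersionList": [
        {"IsDefaultVersion": True, "Document": {"Statement": [ALLOW_ALL]}}]}],
    "RoleDetailList": [
        {"RoleName": "inline-admin", "AttachedManagedPolicies": [],
         "RolePolicyList": [{"PolicyDocument": {"Statement": ALLOW_ALL}}]},
        {"RoleName": "managed-admin", "RolePolicyList": [],
         "AttachedManagedPolicies": [{"PolicyArn": ADMIN_ARN}]},
        {"RoleName": "limited", "AttachedManagedPolicies": [],
         "RolePolicyList": [{"PolicyDocument": {"Statement": [
             {"Effect": "Deny", "Action": "*", "Resource": "*"},
             {"Effect": "Allow", "Action": ["s3:Get*"], "Resource": "*"}]}}]},
    ],
}

print(admin_roles(SAMPLE))
```

Like the RQL filter, this check only looks at Action and Resource; statements that use NotAction or NotResource are not evaluated.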

 


Additional Information


RQL Example Library
Prisma Cloud RQL Reference
 

