Prisma Cloud RQL query to find IAM users that have IAM access key permissions for other IAM users

Created On 07/31/22 11:25 AM - Last Modified 11/20/24 16:58 PM


Question


  • What is the Prisma Cloud RQL query to find IAM users that have IAM access key permissions for other IAM users?


Environment


  • Prisma Cloud
  • Public Cloud


Answer


  • Finding users with access key permissions for other users in the same account is not supported as of today.
  • Meanwhile, to return all IAM resources with the listed permissions, run the following RQL query:
config from iam where dest.cloud.service.name = 'iam' AND action.name IN ( 'iam:CreateAccessKey' , 'iam:DeleteAccessKey', 'iam:UpdateAccessKey')
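
Because the query above returns every IAM resource holding these actions, the results still need narrowing to identities whose permission reaches other users. The following is an added example, not part of the original article and not Palo Alto Networks code: a simplified Python check over AWS identity-based policy JSON, assumed to be exported separately. The function name, the probe ARN and the sample policies are constructed for illustration.

```python
import fnmatch

KEY_ACTIONS = ("iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:UpdateAccessKey")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def key_actions_on_other_users(user_arn, policy):
    """Access-key actions that Allow statements grant on IAM users other than user_arn.

    Simplified: Deny statements, NotAction/NotResource and Condition blocks are
    ignored, so treat every hit as a candidate for manual review.
    """
    prefix, name = user_arn.rsplit("/", 1)
    probe = prefix + "/some-other-user"  # constructed ARN standing in for any other user
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
            continue
        # ${aws:username} resolves to the caller's own user name
        resources = [r.replace("${aws:username}", name) for r in _as_list(stmt["Resource"])]
        reaches_others = any(
            r != user_arn and (":user/" in r or fnmatch.fnmatchcase(probe, r))
            for r in resources
        )
        if not reaches_others:
            continue
        for pattern in _as_list(stmt["Action"]):
            for action in KEY_ACTIONS:
                # IAM action names are case-insensitive and may contain wildcards
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.add(action)
    return sorted(granted)

# Constructed sample data (account ID, user and policies are not from the article)
ALICE = "arn:aws:iam::111122223333:user/alice"
SELF_SERVICE = {"Statement": [{"Effect": "Allow", "Action": "iam:*AccessKey*",
                "Resource": "arn:aws:iam::111122223333:user/${aws:username}"}]}
HELPDESK = {"Statement": [{"Effect": "Allow",
            "Action": ["iam:CreateAccessKey", "iam:ListUsers"],
            "Resource": "arn:aws:iam::111122223333:user/*"}]}
ADMIN = {"Statement": {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}}

if __name__ == "__main__":
    for label, policy in (("self-service", SELF_SERVICE), ("helpdesk", HELPDESK), ("admin", ADMIN)):
        print(label, key_actions_on_other_users(ALICE, policy))
```

A policy scoped to `${aws:username}` yields an empty list, while wildcard or other-user resources are reported with the specific access-key actions they expose.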





Additional Information


IAM Query Examples


