Optimize AWS Group Entitlements

Use the detail drawers on the Groups page to analyze and remediate identity risks associated with the AWS IAM User Group and policies.

Manage Group Entitlements with Detail Drawers

The Groups page organizes everything around the group.

  • Overview: Displays the critical permissions issues detected for this group, sorted by Risk and Actionable Risk.
  • Users: Displays the list of users assigned to the group, including the user Name, when they were Last Active, and the number of other groups they are part of.
  • Attached IAM Policies: Displays the policies to which this group is connected, sorted by unused permissions.
  • Group Details: Displays a summary of this group’s details, including creation date, number of users, number of policies, and ARN details.

To reduce the entitlements of a particular group, click its name to open the detail drawer and its subtabs. The remediation options for groups work the same way as those for users and roles.

Apply Remediation Strategies

See the AWS User Optimization Examples and follow the same basic pattern for Groups. You can:

  • Analyze the group permissions details

  • Create a group-specific optimized policy

  • Optimize a policy globally.

    For more information, see the example.

  • Delete an unused policy

User Permission Warning

The Users list in the Groups detail sub-tab may display a warning emoji when a user has been assigned permissions outside the group. We recommend streamlining user permissions and using group permissions when possible.
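The checks behind the Attached IAM Policies tab, the group-specific optimized policy, the unused-policy deletion candidate and the user-permission warning can be modelled offline. The following Python script is an added example written for this page; it is not the product's code and it makes no AWS calls. The group, its attached policies, the set of actions the group's members actually used, and the user records are all constructed sample data, and the policy and user names are placeholders.

```python
import fnmatch
import json

# Constructed sample data standing in for one group's attached managed policies.
# Nothing here is real account data.
ATTACHED_POLICIES = [
    {
        "PolicyName": "DataEngineerAccess",  # placeholder name
        "Document": {
            "Version": "2012-10-17",
            "Statement": [
                {"Effect": "Allow",
                 "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"],
                 "Resource": "arn:aws:s3:::example-data-lake/*"},
                {"Effect": "Allow", "Action": "glue:*", "Resource": "*"},
            ],
        },
    },
    {
        "PolicyName": "LegacyEC2Admin",  # placeholder name
        "Document": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
        },
    },
]

# Actions the group's members actually exercised in the lookback window (constructed).
USED_ACTIONS = {"s3:GetObject", "s3:PutObject", "glue:GetTable", "glue:StartJobRun"}

# Group members and any permissions they hold outside the group (constructed).
USERS = [
    {"UserName": "alice", "InlinePolicies": [], "AttachedPolicies": []},
    {"UserName": "bob", "InlinePolicies": ["bob-s3-admin"], "AttachedPolicies": []},
    {"UserName": "carol", "InlinePolicies": [], "AttachedPolicies": ["AdministratorAccess"]},
]


def _as_list(value):
    """IAM allows a bare string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(action, pattern):
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def used_by_pattern(policy, used):
    """Map each allowed action pattern in the policy to the used actions it grants."""
    result = {}
    for stmt in policy["Document"]["Statement"]:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in _as_list(stmt["Action"]):
            result[pattern] = sorted(a for a in used if _matches(a, pattern))
    return result


def unused_permissions(policy, used):
    """Allowed action patterns that no used action matched: the 'unused
    permissions' count the Attached IAM Policies tab sorts by."""
    return sorted(p for p, hits in used_by_pattern(policy, used).items() if not hits)


def unused_policies(policies, used):
    """Policies granting nothing the group used: candidates for detachment or deletion."""
    return [p["PolicyName"] for p in policies
            if not any(used_by_pattern(p, used).values())]


def optimized_policy(policies, used):
    """Build a group-specific policy that keeps only the actions actually used,
    narrowing wildcards such as glue:* to the concrete actions observed while
    preserving each statement's Resource scope."""
    statements = []
    for policy in policies:
        for stmt in policy["Document"]["Statement"]:
            if stmt.get("Effect") != "Allow" or "Action" not in stmt:
                continue
            kept = sorted({a for pattern in _as_list(stmt["Action"])
                           for a in used if _matches(a, pattern)})
            if kept:
                statements.append({"Effect": "Allow", "Action": kept,
                                   "Resource": stmt.get("Resource", "*")})
    return {"Version": "2012-10-17", "Statement": statements}


def users_with_outside_permissions(users):
    """Members holding permissions beyond the group (inline or directly attached
    policies): the users the Users list flags with the warning."""
    return [u["UserName"] for u in users
            if u["InlinePolicies"] or u["AttachedPolicies"]]


if __name__ == "__main__":
    for p in ATTACHED_POLICIES:
        print(p["PolicyName"], "unused:", unused_permissions(p, USED_ACTIONS))
    print("deletion candidates:", unused_policies(ATTACHED_POLICIES, USED_ACTIONS))
    print(json.dumps(optimized_policy(ATTACHED_POLICIES, USED_ACTIONS), indent=2))
    print("users with outside permissions:", users_with_outside_permissions(USERS))
```

A managed policy that this group never exercised may still be attached to other groups, users or roles, so confirm its attachment count before deleting it rather than only detaching it from the group. The optimized policy keeps each statement's original Resource so that narrowing the action list does not silently widen the resource scope.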