Optimize AWS Group Entitlements
Manage Group Entitlements with Detail Drawers
The Groups page organizes everything around the group. Each group's detail drawer contains the following subtabs:
- Overview: Displays the critical permissions issues detected for this group, sorted by Risk and Actionable Risk.
- Users: Displays the list of users assigned to the group, including the user Name, when they were Last Active, and the number of other groups they are part of.
- Attached IAM Policies: Displays the policies to which this group is connected, sorted by unused permissions.
- Group Details: Displays a summary of this group’s details, including creation date, number of users, number of policies, and ARN details.
To reduce entitlements for a particular group, click its name to open the detail drawer and subtabs. The remediation options for groups work similarly to those for users and roles.
Apply Remediation Strategies
See the AWS User Optimization Examples and follow the same basic pattern for Groups. You can:
- Analyze the group permissions details
- Create a group-specific optimized policy
- Optimize a policy globally. For more information, see the example.
- Delete an unused policy
User Permission Warning
The Users list in the Groups detail sub-tab may display a warning emoji when a user has been assigned permissions outside the group. We recommend streamlining user permissions and using group permissions when possible.
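The same condition can be checked directly against IAM data. The following is an added example, not part of the product or its documentation: it assumes the input has the JSON shape returned by `aws iam get-account-authorization-details`, and the function name and sample account data are constructed for illustration. It separates user-level managed policies that duplicate what a group already grants from those that grant access outside the group.

```python
# Added example: flag group members who hold IAM permissions outside the group.
# Input shape follows `aws iam get-account-authorization-details` JSON output.

# Constructed sample data, not taken from a real account.
SAMPLE = {
    "GroupDetailList": [{
        "GroupName": "developers",
        "AttachedManagedPolicies": [
            {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}],
    }],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["developers"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "bob", "GroupList": ["developers"],
         "AttachedManagedPolicies": [
             {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
             {"PolicyName": "AmazonS3FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}],
         "UserPolicyList": [{"PolicyName": "adhoc-debug"}]},
        {"UserName": "carol", "GroupList": [],  # not a member: must not be reported
         "AttachedManagedPolicies": [
             {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}],
         "UserPolicyList": []},
    ],
}


def users_with_direct_permissions(details, group_name):
    """Return {user: findings} for members of group_name with user-level policies."""
    groups = {g["GroupName"]: g for g in details.get("GroupDetailList", [])}
    if group_name not in groups:
        raise KeyError(f"unknown group: {group_name}")
    findings = {}
    for user in details.get("UserDetailList", []):
        memberships = user.get("GroupList", [])
        if group_name not in memberships:
            continue
        # Managed policy ARNs the user already receives through any of their groups.
        via_groups = {p["PolicyArn"] for g in memberships if g in groups
                      for p in groups[g].get("AttachedManagedPolicies", [])}
        attached = user.get("AttachedManagedPolicies", [])
        inline = sorted(p["PolicyName"] for p in user.get("UserPolicyList", []))
        if not attached and not inline:
            continue  # all permissions come from groups: nothing to flag
        findings[user["UserName"]] = {
            "redundant": sorted(p["PolicyName"] for p in attached if p["PolicyArn"] in via_groups),
            "outside_group": sorted(p["PolicyName"] for p in attached if p["PolicyArn"] not in via_groups),
            "inline": inline,
        }
    return findings
```

Policies listed under `redundant` can be detached from the user without changing effective access; those under `outside_group` and `inline` need review before being moved to a group or removed.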