Optimize AWS Role Entitlements

Use the detail drawers on the Roles page to analyze and remediate identity risks associated with roles and their permissions in your AWS environment.

Manage Role Entitlements with Detail Drawers

The Roles page organizes everything around the AWS role. Each role's detail drawer has the following subtabs:

  • Overview: Displays the critical permissions issues detected for this role, sorted by Risk and Actionable Risk.
  • Attached IAM Policies: Displays the policies to which this role is connected, sorted by unused permissions.
  • Role Details: Displays a summary of this role’s total granted permissions, group associations, activity, user ARN ID, and findings.

To reduce a role’s entitlements, click the role name to open the detail drawer and its subtabs. The remediation options for roles work the same way as for Users.

Remediation Strategies

See the AWS User Optimization Examples and follow the same pattern for Roles. You can:

  • Analyze the Role Permissions Details
  • Optimize a policy globally
  • Create a role-specific optimized policy
  • Delete an unused policy
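
The difference between the global and role-specific options, as an added Python example (not the product's own code or logic). It assumes "optimized" means narrowing a policy to the actions observed in use; the policy, role names, usage data, and function names are constructed for illustration.

```python
import fnmatch

# Constructed sample: one shared policy attached to two roles.
SHARED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances"]},
        {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}
# Constructed sample: actions each role was observed calling (e.g. from CloudTrail).
USED_BY_ROLE = {
    "ci-deploy": {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"},
    "reporting": {"s3:GetObject", "s3:ListBucket"},
}

def _matches(action, pattern):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def trim_policy(policy, used_actions):
    """Narrow each Allow statement to the used actions it grants.
    Deny and NotAction statements are kept unchanged (dropping them could widen access)."""
    statements = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or "Action" not in st:
            statements.append(dict(st))
            continue
        patterns = [st["Action"]] if isinstance(st["Action"], str) else st["Action"]
        kept = sorted(a for a in used_actions if any(_matches(a, p) for p in patterns))
        if kept:  # an Allow statement with nothing in use is dropped entirely
            statements.append({**st, "Action": kept})
    return {"Version": policy["Version"], "Statement": statements}

def role_specific_policy(role):
    """New policy for one role only; the shared policy stays as-is for the others."""
    return trim_policy(SHARED_POLICY, USED_BY_ROLE[role])

def globally_optimized_policy():
    """Replacement for the shared policy: must keep what ANY attached role uses."""
    return trim_policy(SHARED_POLICY, set().union(*USED_BY_ROLE.values()))

def is_unused(policy, used_actions):
    """True when no Allow statement survives trimming (candidate for deletion)."""
    trimmed = trim_policy(policy, used_actions)["Statement"]
    return not any(s["Effect"] == "Allow" for s in trimmed)
```

A globally optimized policy is never narrower than any single role's optimized policy, because it has to cover the combined usage of every identity the policy is attached to.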