As you monitor the health and performance of your infrastructure and applications, you also need to be able to identify potential threats to the security of those components. To help address this challenge, we’re pleased to announce that Datadog now integrates with AWS Identity and Access Management (IAM) Access Analyzer, a new IAM feature that helps administrators ensure that they have securely configured access to their resources. Along with our recent addition of Cloud SIEM, this integration provides critical visibility into the security of your infrastructure while you monitor its health and performance.
AWS IAM Access Analyzer uses automated reasoning to analyze resource-based policies and determine whether any supported AWS resources (e.g., IAM roles, S3 buckets, KMS keys) can be accessed by a principal outside your account. If you use AWS and want to be sure that your resource policies grant access only to the principals you intend, IAM Access Analyzer can help you detect unintended external access to those resources.
AWS IAM Access Analyzer automatically analyzes the resource policies attached to S3 buckets, IAM roles, KMS keys, Lambda functions, and SQS queues in your environment and reports each instance of external access as a finding, so you can review it and update the policy as needed. Not every finding is a misconfiguration: access you share deliberately (for example, a role that a trusted partner account assumes) shows up as well, and you can archive such findings so that only unexpected ones remain active. If you change any of your policies, AWS IAM Access Analyzer re-analyzes the affected resources and generates new findings, so its view keeps pace with the rate of change across your dynamic infrastructure.
Datadog integrates with AWS IAM Access Analyzer through an AWS Lambda function that receives findings as CloudWatch Events (now Amazon EventBridge) in JSON format and forwards them to your Datadog account as logs. Once you're aggregating all of these findings in Datadog, you can keep tabs on the state of your resource policies and get alerted about critical issues or misconfigurations (e.g., if any resource can be accessed from outside your AWS account).
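The forwarding step above, as an added example that is not Datadog's own integration code: a Lambda-style handler that accepts Access Analyzer finding events in the shape EventBridge delivers them, drops unrelated events, flattens each finding into a log record, and assigns a log status so that an active public finding can be alerted on as critical while cross-account access that may be intentional is only a warning. The sample events are constructed; field names follow the documented finding shape but should be checked against current AWS docs, and the `DD_API_KEY` environment variable, the `ddsource`/`service` tag values and the log intake URL are assumptions for illustration.

```python
"""Normalize AWS IAM Access Analyzer finding events into Datadog-style log records."""
import json
import os
import urllib.request
from typing import Any, Dict, List

FINDING_SOURCE = "aws.access-analyzer"
FINDING_DETAIL_TYPE = "Access Analyzer Finding"

# Constructed sample events (not real findings); ARNs and account IDs are made up.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {  # public S3 bucket: the case the text calls out as critical
        "source": FINDING_SOURCE, "detail-type": FINDING_DETAIL_TYPE,
        "account": "111111111111", "region": "us-east-1",
        "detail": {"id": "f-0001", "status": "ACTIVE", "resourceType": "AWS::S3::Bucket",
                   "resource": "arn:aws:s3:::example-logs-bucket", "accountId": "111111111111",
                   "principal": {"AWS": "*"}, "action": ["s3:GetObject", "s3:ListBucket"],
                   "condition": {}, "isPublic": True, "isDeleted": False},
    },
    {  # IAM role assumable by another account: possibly intended, so only a warning
        "source": FINDING_SOURCE, "detail-type": FINDING_DETAIL_TYPE,
        "account": "111111111111", "region": "us-east-1",
        "detail": {"id": "f-0002", "status": "ACTIVE", "resourceType": "AWS::IAM::Role",
                   "resource": "arn:aws:iam::111111111111:role/vendor-audit",
                   "accountId": "111111111111", "principal": {"AWS": "222222222222"},
                   "action": ["sts:AssumeRole"], "condition": {}, "isPublic": False,
                   "isDeleted": False},
    },
    {  # the bucket finding after the policy was fixed: informational only
        "source": FINDING_SOURCE, "detail-type": FINDING_DETAIL_TYPE,
        "account": "111111111111", "region": "us-east-1",
        "detail": {"id": "f-0001", "status": "RESOLVED", "resourceType": "AWS::S3::Bucket",
                   "resource": "arn:aws:s3:::example-logs-bucket", "accountId": "111111111111",
                   "principal": {"AWS": "*"}, "action": ["s3:GetObject"], "condition": {},
                   "isPublic": False, "isDeleted": False},
    },
    {"source": "aws.s3", "detail-type": "Object Created", "detail": {}},  # unrelated, ignored
]


def is_finding_event(event: Dict[str, Any]) -> bool:
    """Only forward events that actually come from Access Analyzer."""
    return (event.get("source") == FINDING_SOURCE
            and event.get("detail-type") == FINDING_DETAIL_TYPE)


def severity(detail: Dict[str, Any]) -> str:
    """ACTIVE + public is critical; other ACTIVE external access is a warning;
    ARCHIVED/RESOLVED findings are kept for the record as info."""
    if detail.get("status") != "ACTIVE":
        return "info"
    if detail.get("isPublic"):
        return "critical"
    return "warning"


def to_log_record(event: Dict[str, Any]) -> Dict[str, Any]:
    """Flatten one finding into a log payload with searchable attributes."""
    d = event["detail"]
    # principal is a map such as {"AWS": "222222222222"} or {"AWS": "*"} for public
    who = ", ".join(f"{k}={v}" for k, v in d.get("principal", {}).items()) or "unknown"
    return {
        "ddsource": "aws.access-analyzer",   # assumed source tag
        "service": "iam-access-analyzer",    # assumed service tag
        "status": severity(d),
        "message": f"{d.get('resourceType')} {d.get('resource')} is accessible by {who} "
                   f"({d.get('status')}, actions={','.join(d.get('action', []))})",
        "finding_id": d.get("id"),
        "resource": d.get("resource"),
        "resource_type": d.get("resourceType"),
        "account_id": d.get("accountId", event.get("account")),
        "region": event.get("region"),
        "is_public": bool(d.get("isPublic")),
        "finding_status": d.get("status"),
    }


def build_log_batch(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Records for every finding event in the batch, in input order."""
    return [to_log_record(e) for e in events if is_finding_event(e)]


def send_to_datadog(records: List[Dict[str, Any]], api_key: str,
                    site: str = "datadoghq.com") -> int:
    """POST the batch to the Datadog Logs API v2; returns the HTTP status."""
    req = urllib.request.Request(
        f"https://http-intake.logs.{site}/api/v2/logs",
        data=json.dumps(records).encode(),
        headers={"Content-Type": "application/json", "DD-API-KEY": api_key},
        method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """EventBridge invokes the function with one event per finding."""
    batch = build_log_batch([event])
    if batch:
        send_to_datadog(batch, os.environ["DD_API_KEY"])  # assumed env var name
    return {"forwarded": len(batch)}


if __name__ == "__main__":
    for rec in build_log_batch(SAMPLE_EVENTS):
        print(rec["status"].upper(), rec["message"])
```

A monitor that alerts on `status:critical` from this source covers the public-access case the text mentions; the warning level leaves room for deliberate cross-account sharing to be reviewed and archived rather than paged on.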
If you already use Datadog to monitor the health and performance of AWS services like S3 and SQS, you can now correlate that data with AWS IAM Access Analyzer findings to confirm that you've configured access to those services as intended. For instance, if a finding indicates that a bucket policy grants access to a principal outside your account, you can investigate by correlating the finding with request metrics on your S3 dashboard. An unexpected uptick in requests to that bucket suggests that the unintended access is already being used, so treat it as a possible compromise rather than just a misconfiguration.
Our new integration with AWS IAM Access Analyzer complements our existing support for Amazon GuardDuty, which forwards threat detection logs to Datadog to help you identify unauthorized activity. With Datadog Cloud SIEM and integrations with more than 600 other technologies, you can monitor your services and keep them protected. Cloud SIEM is part of the Datadog Cloud Security Platform, which protects an organization’s production environment with a full-stack offering providing threat detection and posture management, as well as workload security and application security.