
Monitor AWS IAM Access Analyzer findings with Datadog

Author: Jordan Obey

Published: December 5, 2019

As you monitor the health and performance of your infrastructure and applications, you also need to be able to identify potential threats to the security of those components. To help address this challenge, we’re pleased to announce that Datadog now integrates with AWS Identity and Access Management (IAM) Access Analyzer, a new IAM feature that helps administrators ensure that they have securely configured access to their resources. Along with our recent addition of Cloud SIEM, this integration provides critical visibility into the security of your infrastructure while you monitor its health and performance.

What is AWS IAM Access Analyzer?

AWS IAM Access Analyzer uses automated reasoning to analyze resource policies and determine whether any AWS resources (e.g., IAM roles, S3 buckets, KMS keys) can be accessed from outside of your account. If you use AWS and want to ensure your policies grant the proper permissions, IAM Access Analyzer can help you detect unintended access to supported AWS resources.

AWS IAM Access Analyzer automatically analyzes resource policies for S3 buckets, IAM roles, KMS keys, Lambda functions, and SQS queues in your environment, and then reports possible issues in the form of findings, allowing you to update your policies as needed. If you change any of your policies, AWS IAM Access Analyzer will continuously analyze those updates and generate new findings to keep pace with the rate of change across your dynamic infrastructure.

Configure AWS IAM Access Analyzer to forward findings to Datadog logs

AWS IAM Access Analyzer findings delivered straight to your Datadog account

Datadog integrates with AWS IAM Access Analyzer through an AWS Lambda function to receive findings as CloudWatch Events (in JSON format) and forward them to your Datadog account as logs. Once you’re aggregating all of these findings with Datadog, you can keep tabs on the state of your resource policies and get alerted about critical issues or misconfigurations (e.g., if any resources can be accessed from outside of your AWS account).
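The shape of that Lambda step, as an added example rather than Datadog's own forwarder: it takes one Access Analyzer finding as delivered by CloudWatch Events, ranks it (public access is the case worth paging on), tags it, and posts it to the Datadog log intake. The finding field names follow the Access Analyzer event schema and are assumed here; the sample event, bucket name and `DD_API_KEY` environment variable are constructed for the example.

```python
# Added example (not Datadog's forwarder): shape an IAM Access Analyzer finding,
# as delivered by CloudWatch Events, into a Datadog log. Field names follow the
# Access Analyzer event schema and are assumed; the sample event is constructed.
import json
import os
import urllib.request

# Constructed sample event: a public S3 bucket reported as an ACTIVE finding.
SAMPLE_EVENT = {
    "source": "aws.access-analyzer",
    "region": "us-east-1",
    "detail": {
        "status": "ACTIVE",
        "resourceType": "AWS::S3::Bucket",
        "resource": "arn:aws:s3:::example-reports-bucket",
        "isPublic": True,
        "principal": {"AWS": "*"},
        "action": ["s3:GetObject"],
    },
}

def severity_for(detail):
    """Public access: critical; other external access: warning; inactive: info."""
    if detail.get("status") != "ACTIVE":
        return "info"
    return "critical" if detail.get("isPublic") else "warning"

def build_log_record(event):
    """Build the JSON log Datadog indexes, tagged for faceting and alerting."""
    if event.get("source") != "aws.access-analyzer":
        raise ValueError("not an Access Analyzer event")
    d = event["detail"]
    tags = [f"status:{d.get('status', 'unknown').lower()}",
            f"resource_type:{d.get('resourceType', 'unknown')}",
            f"public:{str(bool(d.get('isPublic'))).lower()}",
            f"region:{event.get('region', 'unknown')}"]
    return {"ddsource": "aws.access-analyzer", "service": "iam-access-analyzer",
            "status": severity_for(d), "ddtags": ",".join(tags),
            "message": f"{d['resource']} reachable by {json.dumps(d.get('principal'))}",
            "finding": d}

def lambda_handler(event, context=None):
    """Lambda entry point: post one finding to the Datadog HTTP log intake."""
    req = urllib.request.Request(
        "https://http-intake.logs.datadoghq.com/v1/input",
        data=json.dumps(build_log_record(event)).encode(),
        headers={"Content-Type": "application/json",
                 "DD-API-KEY": os.environ["DD_API_KEY"]})  # key from Lambda env
    with urllib.request.urlopen(req) as resp:  # network call; not run offline
        return resp.status
```

With findings tagged this way, a log monitor on `status:active public:true` alerts on exactly the case the post describes, while archived or resolved findings stay informational.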

Enable alerts to notify you automatically when resource policies are misconfigured or not behaving as expected

Monitor and protect your AWS services with Datadog

If you already use Datadog to monitor the health and performance of AWS services like S3 and SQS, now you can correlate that data with AWS IAM Access Analyzer findings to ensure that you’ve properly configured access to those services. For instance, if an AWS IAM Access Analyzer finding indicates that a policy is not granting permissions to S3 buckets as expected, you can investigate by correlating the log with metrics on your S3 dashboard. If you see an unexpected uptick in requests to those resources, it could mean the security of your account has been compromised.

Correlate Access Analyzer findings with AWS resource metrics like S3 to troubleshoot effectively

Performance, health, and security all in one place

Our new integration with AWS IAM Access Analyzer complements our existing support for Amazon GuardDuty, which forwards threat detection logs to Datadog to help you identify unauthorized activity. With Datadog Cloud SIEM and integrations with more than 600 other technologies, you can monitor your services and keep them protected.

If you’re already using Datadog, you can start monitoring the security of your infrastructure here. Otherwise, sign up for a 14-day free trial.