- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
To mitigate the impact of credential exposure or compromise, IAM policies should be scoped down to the least level of privilege needed to perform their responsibilities. This rule identifies when a role’s policy’s permissions are more broad than what is regularly used. Datadog considers a permissions gap to be large when the number of unused permissions is greater than 40% of the total permissions count.
By comparing what actions an IAM role performed recently with what the role’s policies permit, we can identify a permissions gap. This gap should be removed to mitigate the impact of a potential compromise.
Datadog recommends reducing the permissions attached to an IAM role to the minimum necessary for it to fulfill its function. You can use AWS Access Advisor to identify effective permissions used by your instances, and use AWS IAM Access Analyzer to generate an IAM policy based on past CloudTrail events.
CloudTrail logs can be filtered in multiple ways that can impact rule detection.
ExcludeAtMatch
parameter as detailed in the log filtering section of the Datadog forwarder page. Check the Datadog Forwarder Lambda function settings for any unused permissions being excluded. If the unused permissions are part of the exclusion filters, remove the entries excluding the logs containing these permissions.