1
00:00:00,000 --> 00:00:02,060
We are nearing the end of the section,

2
00:00:02,060 --> 00:00:04,650
but first let's talk about the kind of security tools

3
00:00:04,650 --> 00:00:06,100
we have in IAM.

4
00:00:06,100 --> 00:00:08,570
So we can create an IAM Credentials Report

5
00:00:08,570 --> 00:00:10,740
and this is at your account-level.

6
00:00:10,740 --> 00:00:13,670
This report will contain all your accounts users

7
00:00:13,670 --> 00:00:16,219
and the status of their various credentials.

8
00:00:16,219 --> 00:00:18,460
We'll be actually generating it right now

9
00:00:18,460 --> 00:00:20,260
and having a look at it.

10
00:00:20,260 --> 00:00:22,710
The second security tool we're gonna use in IAM

11
00:00:22,710 --> 00:00:24,600
is called IAM Access Advisor.

12
00:00:24,600 --> 00:00:26,690
This one is at the user-level

13
00:00:26,690 --> 00:00:28,910
and the Access Advisor is going to show

14
00:00:28,910 --> 00:00:31,100
the service permissions granted to a user

15
00:00:31,100 --> 00:00:35,150
and when those services were last accessed.

16
00:00:35,150 --> 00:00:37,850
This will be very helpful because we are talking already

17
00:00:37,850 --> 00:00:40,320
about the principle of least privilege,

18
00:00:40,320 --> 00:00:44,170
and so using this tool, we're able to see which permissions

19
00:00:44,170 --> 00:00:47,460
are not used and reduce the permission a user can get

20
00:00:47,460 --> 00:00:50,640
to be inline with the principle of least privilege.

21
00:00:50,640 --> 00:00:52,370
So I will see you in the next lecture

22
00:00:52,370 --> 00:00:54,393
to show you how to use the security tools.