Minesh
Saviynt Employee

This article describes the out-of-the-box AWS attribute mapping: which AWS IAM metadata the AWS connector imports, and which SSM DB table and column each value lands in.

AWS IAM user account mapping

Following are the AWS IAM user attributes/metadata stored in the ACCOUNTS table of the SSM DB. (These are the attributes you see when you open an account in the SSM UI.)

AWS IAM metadata        ACCOUNTS table column
userName                name
userId                  accountid
arn                     customproperty4
passwordLastUsed        lastlogondate
createDate              created_on
isMFADevice             customproperty5
Last Update Date        customproperty6
Has Login Profile?      customproperty15


Following AWS IAM user metadata is stored in the ACCOUNT_ATTRIBUTES table rather than in fixed ACCOUNTS columns. Each item is a name/value row: ATTRIBUTE_NAME holds the metadata name and ATTRIBUTE_VALUE holds its value.

AWS IAM metadata        ACCOUNT_ATTRIBUTES table columns
accessKeyMetadata       ATTRIBUTE_NAME / ATTRIBUTE_VALUE
mfaDeviceInfo           ATTRIBUTE_NAME / ATTRIBUTE_VALUE


Following AWS IAM user metadata (the fields of the IAM credential report) is stored in the AWS_CREDREPORT table.

AWS IAM metadata                  AWS_CREDREPORT table column
userName                          User
Console Password Enabled          password_enabled
arn                               arn
passwordLastUsed                  passwordLastUsed
password_last_changed             password_last_changed
password_next_rotation            password_next_rotation
mfa_active                        mfa_active
access_key_1_active               access_key_1_active
access_key_1_last_rotated         access_key_1_last_rotated
access_key_1_last_used_date       access_key_1_last_used_date
access_key_1_last_used_region     access_key_1_last_used_region
access_key_1_last_used_service    access_key_1_last_used_service
access_key_2_active               access_key_2_active
access_key_2_last_rotated         access_key_2_last_rotated
access_key_2_last_used_date       access_key_2_last_used_date
access_key_2_last_used_region     access_key_2_last_used_region
access_key_2_last_used_service    access_key_2_last_used_service
cert_1_active                     cert_1_active
cert_2_active                     cert_2_active
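As an added example (not part of the original article), two MySQL queries that use the user-account mapping above the way a Saviynt analytics control would. The first lists console users without MFA by joining AWS_CREDREPORT to ACCOUNTS on the user ARN (both tables carry it: ACCOUNTS.customproperty4 and AWS_CREDREPORT.arn) and attaching the mfaDeviceInfo and accessKeyMetadata rows from ACCOUNT_ATTRIBUTES. The second flags active access keys that have never been used or have not been used for 90 days, across both key slots. The lower-case table names, the accountkey/endpointkey columns, the endpoints table, and the assumption that credential-report values are stored verbatim as text ('true'/'false', ISO-8601 timestamps, 'N/A' or 'no_information') are assumptions, not statements from the article.

```sql
-- Added example, not the article's or the connector's own SQL.
-- Assumptions: tables are accounts, account_attributes, aws_credreport, endpoints
-- (SSM DB names are case-insensitive); accounts has accountkey and endpointkey;
-- AWS_CREDREPORT stores credential-report values as text exactly as AWS emits
-- them ('true'/'false', ISO-8601 timestamps, 'N/A' / 'no_information').

-- 1. Console users with no MFA: password enabled, mfa_active not 'true'.
--    The ACCOUNTS row (and its ACCOUNT_ATTRIBUTES rows) is matched on the ARN so
--    the result carries the accountkey a control or certification needs.
SELECT e.endpointname,
       a.accountkey,
       a.name                 AS iam_user,
       a.customproperty4      AS arn,
       a.customproperty5      AS is_mfa_device,      -- ACCOUNTS view of MFA
       a.customproperty15     AS has_login_profile,
       a.lastlogondate        AS password_last_used,
       c.password_last_changed,
       c.password_next_rotation,
       mfa.attribute_value    AS mfa_device_info,
       ak.attribute_value     AS access_key_metadata
FROM aws_credreport c
JOIN accounts a
  ON a.customproperty4 = c.arn
JOIN endpoints e
  ON e.endpointkey = a.endpointkey
LEFT JOIN account_attributes mfa
  ON mfa.accountkey = a.accountkey AND mfa.attribute_name = 'mfaDeviceInfo'
LEFT JOIN account_attributes ak
  ON ak.accountkey = a.accountkey AND ak.attribute_name = 'accessKeyMetadata'
WHERE c.password_enabled = 'true'
  AND COALESCE(c.mfa_active, 'false') <> 'true';

-- 2. Active access keys never used, or not used in the last 90 days, for both
--    key slots. Rotation date is returned alongside for the reviewer.
SELECT `User`, arn, key_slot, last_rotated, last_used
FROM (
  SELECT c.`User`, c.arn, 1 AS key_slot,
         c.access_key_1_last_rotated   AS last_rotated,
         c.access_key_1_last_used_date AS last_used,
         c.access_key_1_active         AS active
  FROM aws_credreport c
  UNION ALL
  SELECT c.`User`, c.arn, 2,
         c.access_key_2_last_rotated,
         c.access_key_2_last_used_date,
         c.access_key_2_active
  FROM aws_credreport c
) k
WHERE k.active = 'true'
  AND (k.last_used IS NULL
       OR k.last_used IN ('N/A', 'no_information')
       -- ISO-8601 value: keep the date-time part and compare
       OR STR_TO_DATE(LEFT(k.last_used, 19), '%Y-%m-%dT%H:%i:%s')
          < NOW() - INTERVAL 90 DAY);
```

Add an account status filter appropriate to your environment; the article does not state how inactive or suspended accounts are marked, so none is assumed here.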

 

Following are the AWS root account attributes/metadata stored in the ACCOUNTS table of the SSM DB. (These are the attributes you see when you open an account in the SSM UI.) Apart from userName and isMFADevice, these are the keys of the IAM GetAccountSummary response.

AWS IAM metadata                     ACCOUNTS table column
userName                             name
Users                                customproperty1
GroupPolicySizeQuota                 customproperty2
PolicyVersionsInUseQuota             customproperty3
ServerCertificatesQuota              customproperty5
isMFADevice                          customproperty5
AccountSigningCertificatesPresent    customproperty6
AccountAccessKeysPresent             customproperty7
Groups                               customproperty8
UsersQuota                           customproperty9
RolePolicySizeQuota                  customproperty10
GroupsPerUserQuota                   customproperty11
UserPolicySizeQuota                  customproperty12
AssumeRolePolicySizeQuota            customproperty13
AttachedPoliciesPerGroupQuota        customproperty14
Roles                                customproperty15
VersionsPerPolicyQuota               customproperty16
GroupsQuota                          customproperty17
PolicySizeQuota                      customproperty18
Policies                             customproperty19
RolesQuota                           customproperty20
AttachedPoliciesPerRoleQuota         customproperty21
ServerCertificates                   customproperty22
MFADevicesInUse                      customproperty23
PoliciesQuota                        customproperty24
AccountMFAEnabled                    customproperty25
Providers                            customproperty26
InstanceProfilesQuota                customproperty27
MFADevices                           customproperty28
AccessKeysPerUserQuota               customproperty29
AttachedPoliciesPerUserQuota         customproperty30

Note that this mapping lists customproperty5 twice (ServerCertificatesQuota and isMFADevice) and does not list customproperty4. Check which value your connector actually writes to customproperty4 and customproperty5 before building analytics on those two columns.

 

The name of the root account in SSM is stored in the format AWSAccount-<AWS Account Id>.

For example: AWSAccount-661222050851, AWSAccount-53381135121, etc.
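As an added example (not part of the original article), two MySQL queries that read the root-account posture from the ACCOUNTS row named AWSAccount-<AWS Account Id>, using the customproperty mapping above: the first flags accounts where root MFA is off or root still has access keys or signing certificates; the second flags accounts at 80% or more of their IAM user, role or policy quota, since a full quota blocks provisioning. The assumption that the GetAccountSummary values are stored as their numeric text ('0'/'1' for the *Present/*Enabled flags, counts for the rest) and the lower-case table name accounts are mine, not the article's.

```sql
-- Added example, not the article's or the connector's own SQL.
-- Assumptions: the table is accounts; GetAccountSummary values are stored as
-- numeric text, '0'/'1' for AccountMFAEnabled, AccountAccessKeysPresent and
-- AccountSigningCertificatesPresent, plain counts for everything else.

-- 1. Root accounts with MFA off, or with root access keys / signing certs present.
SELECT a.name,
       SUBSTRING(a.name, LENGTH('AWSAccount-') + 1) AS aws_account_id,
       a.customproperty25 AS account_mfa_enabled,
       a.customproperty7  AS account_access_keys_present,
       a.customproperty6  AS account_signing_certs_present,
       a.customproperty28 AS mfa_devices,
       a.customproperty23 AS mfa_devices_in_use
FROM accounts a
WHERE a.name LIKE 'AWSAccount-%'
  AND (COALESCE(a.customproperty25, '0') <> '1'   -- root MFA not enabled
       OR COALESCE(a.customproperty7, '0') <> '0' -- root access keys exist
       OR COALESCE(a.customproperty6, '0') <> '0' -- root signing certs exist
      );

-- 2. IAM quota headroom: Users/UsersQuota, Roles/RolesQuota, Policies/PoliciesQuota
--    at 80% or above. NULLIF avoids dividing against a zero or missing quota.
SELECT a.name,
       CAST(a.customproperty1  AS UNSIGNED) AS users,
       CAST(a.customproperty9  AS UNSIGNED) AS users_quota,
       CAST(a.customproperty15 AS UNSIGNED) AS roles,
       CAST(a.customproperty20 AS UNSIGNED) AS roles_quota,
       CAST(a.customproperty19 AS UNSIGNED) AS policies,
       CAST(a.customproperty24 AS UNSIGNED) AS policies_quota
FROM accounts a
WHERE a.name LIKE 'AWSAccount-%'
  AND (CAST(a.customproperty1  AS UNSIGNED) * 100
         >= 80 * NULLIF(CAST(a.customproperty9  AS UNSIGNED), 0)
    OR CAST(a.customproperty15 AS UNSIGNED) * 100
         >= 80 * NULLIF(CAST(a.customproperty20 AS UNSIGNED), 0)
    OR CAST(a.customproperty19 AS UNSIGNED) * 100
         >= 80 * NULLIF(CAST(a.customproperty24 AS UNSIGNED), 0));
```

The LIKE 'AWSAccount-%' filter is what separates root-account rows from IAM user rows in the same ACCOUNTS table, so keep it in any control built on the root mapping; IAM user rows use the same customproperty5 for isMFADevice but different meanings for the other columns.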

 

AWS account-level settings attributes

These are the settings that apply to the whole AWS account, such as the Password Policy and the account-level S3 Block Public Access settings.

 

Following are the attributes stored for the Password Policy in the ENTITLEMENT_VALUES table (the entitlement value itself is the ENTITLEMENT_VALUE column).

For this, the Entitlement Type will be 'PasswordPolicy' and the entitlement value will be 'PasswordPolicy_<AWS Account ID>'. For example: PasswordPolicy_661222050851

Password Policy metadata        ENTITLEMENT_VALUES table column
minimumPasswordLength           customproperty1
requireSymbols                  customproperty2
requireNumbers                  customproperty3
requireUppercaseCharacters      customproperty4
requireLowercaseCharacters      customproperty5
allowUsersToChangePassword      customproperty6
expirePasswords                 customproperty7
hardExpiry                      customproperty8

 

Following are the attributes stored for the account-level S3 Block Public Access settings in the ENTITLEMENT_VALUES table.

For this, the Entitlement Type will be 'AWSAccountSettings' and the entitlement value will be 'S3AccountLevelSettings'.

S3 Block Public Access setting  ENTITLEMENT_VALUES table column
BlockPublicAcls                 customproperty1
IgnorePublicAcls                customproperty2
BlockPublicPolicy               customproperty3
RestrictPublicBuckets           customproperty4
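As an added example (not part of the original article), two MySQL queries that turn the account-level mappings above into baseline checks: the first returns password policies weaker than a 14-character, all-character-class baseline; the second returns accounts whose S3 Block Public Access is not fully enabled (all four flags must be 'true' for the account-level block to be effective). The table names entitlement_values and entitlement_types, their entitlementtypekey link, the endpointkey link to endpoints, and the assumption that boolean settings are stored as the text 'true'/'false' and minimumPasswordLength as digits are assumptions of this example, not statements from the article.

```sql
-- Added example, not the article's or the connector's own SQL.
-- Assumptions: entitlement_values holds entitlement_value plus the customproperty
-- columns; entitlement_types holds entitlementname (the Entitlement Type) and is
-- joined by entitlementtypekey and, for the owning AWS account, to endpoints by
-- endpointkey; booleans are stored as 'true'/'false' text, lengths as digits.

-- 1. Password policies below the baseline. COALESCE treats a missing flag as 'false'.
SELECT e.endpointname,
       ev.entitlement_value                  AS policy,
       CAST(ev.customproperty1 AS UNSIGNED)  AS min_length,
       ev.customproperty2                    AS require_symbols,
       ev.customproperty3                    AS require_numbers,
       ev.customproperty4                    AS require_uppercase,
       ev.customproperty5                    AS require_lowercase,
       ev.customproperty7                    AS expire_passwords,
       ev.customproperty8                    AS hard_expiry
FROM entitlement_values ev
JOIN entitlement_types et ON et.entitlementtypekey = ev.entitlementtypekey
JOIN endpoints e          ON e.endpointkey = et.endpointkey
WHERE et.entitlementname = 'PasswordPolicy'
  AND (COALESCE(CAST(ev.customproperty1 AS UNSIGNED), 0) < 14
       OR COALESCE(ev.customproperty2, 'false') <> 'true'
       OR COALESCE(ev.customproperty3, 'false') <> 'true'
       OR COALESCE(ev.customproperty4, 'false') <> 'true'
       OR COALESCE(ev.customproperty5, 'false') <> 'true');

-- 2. Accounts whose S3 Block Public Access is not fully on. The entitlement value
--    is the fixed string 'S3AccountLevelSettings', so the owning account comes
--    from the endpoint, not from the value name.
SELECT e.endpointname,
       ev.customproperty1 AS block_public_acls,
       ev.customproperty2 AS ignore_public_acls,
       ev.customproperty3 AS block_public_policy,
       ev.customproperty4 AS restrict_public_buckets
FROM entitlement_values ev
JOIN entitlement_types et ON et.entitlementtypekey = ev.entitlementtypekey
JOIN endpoints e          ON e.endpointkey = et.endpointkey
WHERE et.entitlementname = 'AWSAccountSettings'
  AND ev.entitlement_value = 'S3AccountLevelSettings'
  AND NOT (COALESCE(ev.customproperty1, 'false') = 'true'
           AND COALESCE(ev.customproperty2, 'false') = 'true'
           AND COALESCE(ev.customproperty3, 'false') = 'true'
           AND COALESCE(ev.customproperty4, 'false') = 'true');
```

An AWS account with no password policy set at all has no PasswordPolicy_<AWS Account ID> row to fail the first query; to catch that case, start from endpoints and LEFT JOIN to the policy row, treating a missing row as a finding.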

 

Last update: 03/25/2024 10:58 AM