Entitlements Analyzer

The Plerion Entitlements Analyzer is a powerful tool designed to provide insights into cloud entitlement access and permissions, specifically focusing on the critical question of "Who Has Access to What." This documentation offers a comprehensive guide to utilizing the Entitlements Analyzer effectively for analyzing and managing access permissions within your cloud environment.

⚠️ This feature is currently in beta and may contain bugs and undergo changes.

Terminologies

AWS Access Levels

AWS access levels describe the action permissions defined for each AWS service mentioned in the policy. Access level summaries indicate whether the actions in each access level (List, Read, Tagging, Write, and Permissions management) have Full or Limited permissions defined in the policy. Understanding these access levels is crucial for effectively managing access permissions within your AWS environment. Learn more about how AWS defines the access levels here.
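The Full versus Limited distinction can be reproduced for a single policy with a short script. This is an added example, not Plerion's or AWS's code: the action catalog is a constructed, partial subset of S3 actions, so "Full" here means every cataloged action in that level is matched. It reads only the Action element and ignores NotAction, Resource, and Condition.

```python
import fnmatch

# Constructed, deliberately partial catalog of S3 actions and their AWS access
# levels. The authoritative list is the AWS Service Authorization Reference.
CATALOG = {
    "s3:ListBucket": "List",
    "s3:ListAllMyBuckets": "List",
    "s3:GetObject": "Read",
    "s3:GetObjectVersion": "Read",
    "s3:PutObject": "Write",
    "s3:DeleteObject": "Write",
    "s3:PutObjectTagging": "Tagging",
    "s3:DeleteObjectTagging": "Tagging",
    "s3:PutBucketPolicy": "Permissions management",
    "s3:DeleteBucketPolicy": "Permissions management",
}

# Constructed sample policy used to exercise the summary.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:List*", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:PutBucketPolicy", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM allows a single string or a list for Action and Statement.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def summarize(policy, effect="Allow"):
    """Return {access level: "Full" | "Limited" | "None"} for one Effect."""
    patterns = [p for s in _as_list(policy.get("Statement"))
                if s.get("Effect") == effect
                for p in _as_list(s.get("Action"))]
    hits = {}
    for action, level in CATALOG.items():
        hits.setdefault(level, []).append(_matches(patterns, action))
    return {level: "Full" if all(h) else "Limited" if any(h) else "None"
            for level, h in hits.items()}

if __name__ == "__main__":
    for level, status in summarize(SAMPLE_POLICY).items():
        print(f"{level}: {status}")
```

Calling `summarize(policy, effect="Deny")` gives the same breakdown for explicit denies, which are summarized separately from allows.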

Plerion Classifications

Plerion Classifications are custom classes defined by Plerion for identifying and categorizing sensitive IAM actions. These classifications provide a structured way to assess and manage potential risks associated with certain actions. The classes include:

  • Credential Exposure
  • Data Access
  • Privilege Escalation
  • Resource Exposure

Getting Started

Navigate to the Entitlements Analyzer using the URL: Entitlements Analyzer. This is the entry point for accessing the features and functionalities provided by the Entitlements Analyzer tool.

Navigation

Filtering

Use the filters available in the Entitlements Analyzer to drill down into specific data sets based on various criteria such as user roles, permissions, resource types, and more.

Data Loading

By default, Plerion will load data progressively until it finds all the results or stops when it hits the limit of 10,000 relationships.

Data View

Graph View

The Graph View provides a visual graph representation of access relationships within your cloud environment.

Table View

The Table View presents access permissions in a tabular format, providing detailed information about users, roles, resources, and associated permissions.

Further Reading