Entitlements Analyzer Coverage

This document serves as a reference for the coverage of the Plerion Entitlements Analyzer feature.

Supported Provider

AWS only

Supported Identities

Identity Type        Support
AWS IAM Role
AWS IAM User
AWS IAM Group

Supported policy types

Policy Type                              Support
Inline policy
Managed Policy (Custom / AWS Managed)
Permissions boundary
Resource-based policy
Group Linked Policies
SCPs
VPC Endpoint policies

ABAC Support

Type                            Support
Properties of the principal     Partial
Properties of the resource      Partial (aws:ResourceAccount, aws:ResourceTag/tag::key)
Properties of a role session
Properties of the network
Properties of the request

Supported resource types

  • AWS::Lambda::Function
  • AWS::EC2::InternetGateway
  • AWS::EC2::Subnet
  • AWS::EC2::RouteTable
  • AWS::EC2::NetworkAcl
  • AWS::EC2::Instance
  • AWS::IAM::InstanceProfile
  • AWS::EC2::NetworkInterface
  • AWS::IAM::Role
  • AWS::IAM::Policy
  • AWS::ApiGatewayV2::Api
  • AWS::ApiGatewayV2::Route
  • AWS::DynamoDB::Table
  • AWS::ECS::Service
  • AWS::ECS::Cluster
  • AWS::ECS::TaskDefinition
  • AWS::EC2::SecurityGroup
  • AWS::S3::Bucket
  • AWS::RDS::DBCluster
  • AWS::EC2::VPC
  • AWS::APIGateway::RestAPI
  • AWS::ApiGatewayV2::Integration
  • AWS::APIGateway::Resource
  • AWS::APIGateway::Integration
  • AWS::RDS::DBInstance
  • AWS::ElasticLoadBalancingV2::Listener
  • AWS::AutoScaling::LaunchConfiguration
  • AWS::EC2::LaunchTemplate
  • AWS::AutoScaling::AutoScalingGroup
  • AWS::ElasticLoadBalancingV2::LoadBalancer
  • AWS::ElasticLoadBalancingV2::TargetGroup
  • AWS::EC2::LaunchTemplateVersion
  • AWS::RDS::DBSecurityGroup
  • AWS::IAM::User
  • AWS::IAM::Group
  • AWS::KMS::Key
  • AWS::EC2::Volume
  • AWS::EC2::AMI
  • AWS::SQS::Queue
  • AWS::EventBridge::EventBus
  • AWS::ECR::Repository
  • AWS::CloudTrail::Trail
  • AWS::EC2::Snapshot
  • AWS::RDS::DBClusterSnapshot
  • AWS::Backup::BackupVault
  • AWS::SecretsManager::Secret
  • AWS::SNS::Topic
  • AWS::SageMaker::Notebook
  • AWS::Neptune::DBCluster
  • AWS::Neptune::DBInstance
  • AWS::Lambda::Layer
  • AWS::SES::EmailIdentity

Limitations

  • Currently, permissions on S3 bucket objects (for example s3:GetObject, s3:WriteObject) are not supported