AccessAnalyzer¶
Enabling the AccessAnalyzer data source imports the findings produced by the AWS IAM Access Analyzer service into RISKEN.
What is AccessAnalyzer?
- AWS IAM Access Analyzer is a service that identifies resources in your account (for example S3 buckets, IAM roles, and KMS keys) whose resource-based policies grant access to a principal outside your zone of trust, that is, outside your AWS account or organization.
- Refer to the official documentation for the list of resource types supported by AccessAnalyzer.
- AccessAnalyzer findings may lag behind the policy change by several minutes to 24 hours. Analysis is normally triggered when a change to an access policy is detected, but under certain conditions the delay can be a few hours, up to a maximum of 24 hours. Because analysis is event driven, a finding imported into RISKEN reflects the state at the last analysis, not necessarily the current policy. For more information, refer to the official documentation.
Format¶
When importing data into RISKEN, the following metadata is added:
Field | Description
---|---
DataSource | `aws:access-analyzer` (fixed value)
ResourceName | The ARN of the resource reported in the AccessAnalyzer finding
Description | Description of the finding
Score | Refer to Scoring
Tag | `aws`, `access-analyzer`, `{type}` (resource type reported in the finding), `{account ID}`
Scoring¶
AWS AccessAnalyzer does not attach a severity or score to its findings.
Therefore, when importing into RISKEN, the severity and score are determined by the following logic. Note that only findings whose status is ACTIVE are scored above 0.1, and that an active finding that is not public (shared with a specific external principal rather than with everyone) scores 0.3 regardless of the access it grants; cross-account sharing is therefore not flagged as high by itself.
```mermaid
graph TD
A[Start] --> B{{Active status?}};
B -->|NO| C[Score: 0.1]:::low;
B -->|YES| D{{isPublic?}};
D -->|NO| E[Score: 0.3]:::low;
D -->|YES| F{{Has permissions?}};
F -->|Readable| G[Score: 0.7]:::mid;
F -->|Writable| H[Score: 0.9]:::high;
F -->|Readable & Writable| I[Score: 1.0]:::high;
classDef high fill:#FFFFFF,stroke:#C2185B,stroke-width:4px;
classDef mid fill:#FFFFFF,stroke:#F57C00,stroke-width:4px;
classDef low fill:#FFFFFF,stroke:#4DB6AC,stroke-width:4px;
```
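The decision tree above, written out as an added Go example (the language RISKEN itself is written in). This is not code from the RISKEN project: the `Finding` struct, the read/write verb prefixes used to classify IAM actions, the handling of a public finding whose actions match neither list, and the sample ARNs and account ID are all assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding holds the fields of an IAM Access Analyzer finding that the
// scoring logic consults. The field meanings follow the Access Analyzer
// API (status, isPublic, action), but this struct is an illustration,
// not the AWS SDK type and not RISKEN's own model.
type Finding struct {
	ResourceARN string
	Status      string   // "ACTIVE", "ARCHIVED" or "RESOLVED"
	IsPublic    bool     // true when the policy grants access to everyone
	Actions     []string // IAM actions granted externally, e.g. "s3:GetObject"
}

// Verb prefixes used to decide whether an IAM action reads or writes.
// These lists are an assumption of this example; RISKEN's classifier may differ.
var (
	readPrefixes  = []string{"Get", "List", "Describe", "Read"}
	writePrefixes = []string{"Put", "Delete", "Create", "Update", "Write", "Modify", "Set"}
)

func hasPrefixIn(verb string, prefixes []string) bool {
	for _, p := range prefixes {
		if strings.HasPrefix(verb, p) {
			return true
		}
	}
	return false
}

// ClassifyActions reports whether the granted actions include read and/or
// write access. A wildcard action ("*" or "s3:*") counts as both.
func ClassifyActions(actions []string) (readable, writable bool) {
	for _, a := range actions {
		verb := a
		if i := strings.Index(a, ":"); i >= 0 {
			verb = a[i+1:] // strip the service prefix, "s3:GetObject" -> "GetObject"
		}
		if verb == "*" {
			return true, true
		}
		if hasPrefixIn(verb, readPrefixes) {
			readable = true
		}
		if hasPrefixIn(verb, writePrefixes) {
			writable = true
		}
	}
	return readable, writable
}

// Score walks the decision tree from the Scoring section top to bottom.
func Score(f Finding) float64 {
	if f.Status != "ACTIVE" {
		return 0.1 // archived or resolved: nothing to act on
	}
	if !f.IsPublic {
		return 0.3 // shared with a specific external principal, not with everyone
	}
	readable, writable := ClassifyActions(f.Actions)
	switch {
	case readable && writable:
		return 1.0
	case writable:
		return 0.9
	case readable:
		return 0.7
	}
	// Public and active, but no action matched a known verb. The chart has no
	// branch for this case; treating it like a readable share is an assumption.
	return 0.7
}

// Severity maps a score onto the three bands (low/mid/high) used in the chart.
func Severity(score float64) string {
	switch {
	case score >= 0.9:
		return "high"
	case score >= 0.7:
		return "mid"
	default:
		return "low"
	}
}

func main() {
	// Constructed sample findings; the ARNs and the account ID are made up.
	samples := []Finding{
		{"arn:aws:s3:::example-public-logs", "ACTIVE", true, []string{"s3:GetObject", "s3:ListBucket"}},
		{"arn:aws:s3:::example-dropbox", "ACTIVE", true, []string{"s3:PutObject"}},
		{"arn:aws:s3:::example-shared", "ACTIVE", true, []string{"s3:*"}},
		{"arn:aws:iam::123456789012:role/example-cross-account", "ACTIVE", false, []string{"sts:AssumeRole"}},
		{"arn:aws:kms:us-east-1:123456789012:key/example", "ARCHIVED", true, []string{"kms:Decrypt"}},
	}
	for _, f := range samples {
		s := Score(f)
		fmt.Printf("%-55s %.1f %s\n", f.ResourceARN, s, Severity(s))
	}
}
```

Running it prints one line per sample with its score and band, so the cross-account role scores 0.3 (low) even though it grants `sts:AssumeRole`, while the bucket with `s3:*` scores 1.0 (high).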