📕 AWS IAM User

Contextual name: 📕 AWS IAM User
ID: /types/CA10__CaAwsUser__c

Fields

	Label	API Name	Type	Help
🔒	ARN	`CA10__arn__c`	`LongTextArea(32768)`	API Call: iam:ListUsers
🔒	ARN	`CA10__arn2__c`	`Text(255)`	API Call: iam:ListUsers
🔒	Access Keys Count	`CA10__accessKeysCount__c`	`Number(18, 0)`	API Call: iam:ListAccessKeys
🔒🧮	Application	`CA10__application__c`	`Text(1300)`
🔒	Application Tier Api Name	`CA10__applicationTierApiName__c`	`Text(255)`
🔒	Application Tier Cascade Attach	`CA10__applicationTierCascadeAttach__c`	`Checkbox`
🔒	Application Tier Parent Type	`CA10__applicationTierParentType__c`	`Text(255)`
🔒	Application Tier Parent UUID	`CA10__applicationTierParentUuid__c`	`Text(255)`
🔒	Application Tier Unique Name	`CA10__applicationTierUniqueName__c`	`Text(255)`
🔒	Approval Status	`CA10__approveStatus__c`	`Text(255)`
🔒	Approve Date	`CA10__approveDate__c`	`DateTime`
🔒	CloudAware UUID	`CA10__caUuid__c`	`Text(36)`
🔒	CloudAware Usages	`CA10__caUsages__c`	`Text(255)`
🔒	Create Date	`CA10__createDate__c`	`DateTime`	API Call: iam:ListUsers
🔒	Created Date	`CreatedDate`	`DateTime`
🔒🔌	Cred Report: Access Key #1 Active	`CA10__credReportAccessKey1Active__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Access Key #1 Last Region	`CA10__credReportAccessKey1LastRegion__c`	`Text(255)`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Access Key #1 Last Rotated	`CA10__credReportAccessKey1LastRotated__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Access Key #1 Last Service	`CA10__credReportAccessKey1LastService__c`	`Text(255)`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Access Key #1 Last Used	`CA10__credReportAccessKey1LastUsed__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Access Key #2 Active	`CA10__credReportAccessKey2Active__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Access Key #2 Last Region	`CA10__credReportAccessKey2LastRegion__c`	`Text(255)`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Access Key #2 Last Rotated	`CA10__credReportAccessKey2LastRotated__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Access Key #2 Last Service	`CA10__credReportAccessKey2LastService__c`	`Text(255)`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Access Key #2 Last Used	`CA10__credReportAccessKey2LastUsed__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Attributes	`CA10__credReportAttributes__c`	`LongTextArea(32768)`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Attributes JSON	`CA10__credReportAttributesJson__c`	`LongTextArea(32768)` `JSON`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Cert #1 Active	`CA10__credReportCert1Active__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Cert #1 Last Rotated	`CA10__credReportCert1LastRotated__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Cert #2 Active	`CA10__credReportCert2Active__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Cert #2 Last Rotated	`CA10__credReportCert2LastRotated__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Generated Time	`CA10__credReportGeneratedTime__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: MFA Active	`CA10__credReportMfaActive__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Password Enabled	`CA10__credReportPasswordEnabled__c`	`Checkbox`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Password Last Changed	`CA10__credReportPasswordLastChanged__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🔌	Cred Report: Password Last Used	`CA10__credReportPasswordLastUsed__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: Password Next Rotation	`CA10__credReportPasswordNextRotation__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒	Cred Report: User Creation Time	`CA10__credReportUserCreationTime__c`	`DateTime`	API Call: iam:GenerateCredentialReport, iam:GetCredentialReport
🔒🧮	Days Since Last AWS Access	`CA10__daysSinceLastAwsAccess__c`	`Number(18, 0)`
🔒	Deleted	`IsDeleted`	`Checkbox`
🔒	Deleted From AWS	`CA10__disappearanceTime__c`	`DateTime`
🔒	Deprecated: Chatter Ignore	`CA10__chatterIgnore__c`	`Checkbox`
🔒	Deprecated: Created By ARN	`CA10__createdByArn__c`	`Text(255)`
🔒	Deprecated: Created By User ARN	`CA10__createdByUserArn__c`	`Text(255)`
🔒	Deprecated: Created Date	`CA10__createdDate__c`	`DateTime`
🔒🧮	Deprecated: IAM-OPT-083 Compliant	`CA10__policy083Compliant__c`	`Text(1300)`
🔒🧮	Deprecated: IAM-ST-026 Compliant	`CA10__policy024Compliant__c`	`Text(1300)`
🔒🧮	Deprecated: IAM-ST-080 Compliant	`CA10__policy080Compliant__c`	`Text(1300)`
🔒	Deprecated: Individual Policies Count	`CA10__individualPoliciesCount__c`	`Number(18, 0)`
🔒	Deprecated: Last AWS Access	`CA10__lastAwsAccess__c`	`DateTime`
🔒	Deprecated: Last Login Date Time	`CA10__lastLoginDateTime__c`	`DateTime`
🔒	Deprecated: Name In Email Format	`CA10__nameInEmailFormat__c`	`Checkbox`
🔒	Fire Change Trigger	`CA10__fireChangeTrigger__c`	`DateTime`
🔒	Hardware MFA Enable Date	`CA10__hardwareMfaEnableDate__c`	`DateTime`	API Call: iam:ListMFADevices
🔒	Hardware MFA Serial Number	`CA10__hardwareMfaSerialNumber__c`	`Text(255)`	API Call: iam:ListMFADevices
🔒	Hardware MFA State	`CA10__hardwareMfaState__c`	`Text(255)`
🔒	Has API Access	`CA10__hasKeys__c`	`Checkbox`	API Call: iam:ListAccessKeys
🔒	Last Activity Date	`LastActivityDate`	`Date`
🔒	Last Modified Date	`LastModifiedDate`	`DateTime`
🔒	Login Profile Create Date	`CA10__loginProfileCreateDate__c`	`DateTime`	API Call: iam:GetLoginProfile
🔒🔌	MFA Device Type	`CA10__mfaDeviceType__c`	`Text(255)`
🔒	MFA Enable Date	`CA10__mfaEnableDate__c`	`DateTime`	API Call: iam:ListMFADevices
🔒	MFA Serial Number	`CA10__mfaSerialNumber__c`	`Text(255)`	API Call: iam:ListMFADevices
🔒	Password Last Used	`CA10__passwordLastUsed__c`	`DateTime`	API Call: iam:ListUsers
🔒	Password Reset Required	`CA10__passwordResetRequired__c`	`Text(255)`	API Call: iam:GetLoginProfile
🔒	Path	`CA10__path__c`	`LongTextArea(32768)`	API Call: iam:ListUsers
🔒	Permissions Boundary: ARN	`CA10A1__permissionsBoundaryArn__c`	`LongTextArea(32768)`	API Call: iam:ListUsers
🔒	Permissions Boundary: Type	`CA10A1__permissionsBoundaryType__c`	`Text(255)`	API Call: iam:ListUsers
🔒	Record ID	`Id`	`Text`
🔒	System Modstamp	`SystemModstamp`	`DateTime`
🔒	Tag Count	`CA10__tagCount__c`	`Number(18, 0)`	API Call: iam:ListUserTags
🔒	Tags	`CA10__tags__c`	`LongTextArea(131072)`	API Call: iam:ListUserTags
🔒	Tags JSON	`CA10__tagsJson__c`	`LongTextArea(131072)`	API Call: iam:ListUserTags
🔒	User ID	`CA10__userId__c`	`Text(255)`	API Call: iam:ListUsers
🔒	User Name	`Name`	`Text(80)`	API Call: iam:ListUsers
🔒🔌	User Name	`CA10__userName__c`	`Text(255)`	API Call: iam:ListUsers
🔒	Virtual MFA Enable Date	`CA10__virtualMfaEnableDate__c`	`DateTime`	API Call: iam:ListVirtualMFADevices
🔒	Virtual MFA Serial Number	`CA10__virtualMfaSerialNumber__c`	`Text(255)`	API Call: iam:ListVirtualMFADevices
🔒	Virtual MFA State	`CA10__virtualMfaState__c`	`Text(255)`

Extracts

	Name	Extracts File
🔒	`CA10__credReportAccessKey1Active__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAccessKey1LastRotated__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAccessKey1LastUsed__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAccessKey2Active__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAccessKey2LastRotated__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAccessKey2LastUsed__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportAttributesJson__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportMfaActive__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportPasswordEnabled__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportPasswordLastChanged__c`	🔌 credReport.extracts.yaml
🔒	`CA10__credReportPasswordLastUsed__c`	🔌 credReport.extracts.yaml
🔒	`CA10__mfaDeviceType__c`	🔌 object.extracts.yaml
🔒	`CA10__userName__c`	🔌 object.extracts.yaml

Lookups

	Label	API Name	Type
🔒	Account	`CA10__account__c` / `CA10__account__r`	📕 AWS Account
🔒	Application Tier	`CA10__applicationTier__c` / `CA10__applicationTier__r`	CA10__CaApplicationTier__c
🔒	Created By ID	`CreatedById` / `CreatedBy`	User
🔒	Deprecated: Created By User	`CA10__createdByUser__c` / `CA10__createdByUser__r`	📕 AWS IAM User
🔒	Last Modified By ID	`LastModifiedById` / `LastModifiedBy`	User
🔒	Permissions Boundary	`CA10A1__permissionsBoundary__c` / `CA10A1__permissionsBoundary__r`	📕 AWS IAM Policy
🔒	Received Connection ID	`ConnectionReceivedId` / `ConnectionReceived`	PartnerNetworkConnection
🔒	Record Type ID	`RecordTypeId` / `RecordType`	RecordType
🔒	Sent Connection ID	`ConnectionSentId` / `ConnectionSent`	PartnerNetworkConnection

	Related Type	Related List API Name	Foreign Key Field
🔒	📕 AWS Account	`CA10__AWS_Accounts__r`	`CA10__user__c`
🔒	📕 AWS RDS Instance	`CA10__AWS_RDS_Instances__r`	`CA10__createdByUser__c`
🔒	📕 AWS EC2 Image	`CA10__AWS_EC2_Images__r`	`CA10__createdByUser__c`
🔒	📕 AWS EC2 Instance	`CA10__AWS_EC2_Instances__r`	`CA10__createdByUser__c`
🔒	📕 AWS ELB Load Balancer	`CA10__AWS_EC2_Load_Balancers__r`	`CA10__createdByUser__c`
🔒	📕 AWS VPC Network ACL	`CA10__AWS_VPC_Network_ACLs__r`	`CA10__createdByUser__c`
🔒	📕 AWS IAM Role	`CA10__AWS_IAM_Roles__r`	`CA10__createdByUser__c`
🔒	📕 AWS EC2 Security Group Rule	`CA10__AWS_EC2_Security_Group_Rules1__r`	`CA10__createdByUser__c`
🔒	📕 AWS EC2 Security Group	`CA10__AWS_EC2_Security_Groups__r`	`CA10__createdByUser__c`
🔒	📕 AWS EBS Snapshot	`CA10__AWS_EBS_Snapshots__r`	`CA10__createdByUser__c`
🔒	📕 AWS IAM User	`CA10__AWS_IAM_Users__r`	`CA10__createdByUser__c`
🔒	📕 AWS EBS Volume	`CA10__AWS_EBS_Volumes__r`	`CA10__createdByUser__c`
🔒	📕 AWS VPC	`CA10__AWS_VPCs__r`	`CA10__createdByUser__c`

Extract Files

Extract	Type	Flags
🔌 credReport.extracts.yaml	📕 AWS IAM User
🔌 object.extracts.yaml	📕 AWS IAM User

Logic Files

Logic	Policy	Flags
🧠 prod.logic.yaml 🟢	📝 AWS Account Root User credentials were used is the last 30 days 🔴🟢	🟢 x3
🧠 prod.logic.yaml 🟢	📝 AWS Account Root User has active access keys 🟢	🟢 x3
🧠 prod.logic.yaml 🟢	📝 AWS Account Root User MFA is not enabled. 🟢	🟢 x3
🧠 prod.logic.yaml 🟢	📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	🟢 x3
🧠 prod.logic.yaml 🟠🟢	📝 AWS IAM User has inline or directly attached policies 🟢	🟠 x1, 🟢 x2
🧠 prod.logic.yaml 🟢	📝 AWS IAM User has more than one active access key 🟢	🟢 x3
🧠 prod.logic.yaml 🟢	📝 AWS IAM User MFA is not enabled for all users with console password 🟢	🟢 x3
🧠 prod.logic.yaml 🟢	📝 AWS IAM User with credentials unused for 45 days or more is not disabled 🟢	🟢 x3

Fields​

Extracts​

Lookups​

Related Lists​

Extract Files​

Logic Files​

Fields

Extracts

Lookups

Related Lists

Extract Files

Logic Files