Using Amazon Detective for IAM investigations
Security Blog
This article provides a guide on using Amazon Detective for investigating IAM users and roles involved in security events. It covers:
- Prerequisites for following along
- Scenario 1: Automated investigations using the Detective console and API to initiate investigations and view details on impacted IAM entities
- Scenario 2: An investigator persona using Detective to analyze the impact of a GuardDuty finding involving an IAM user/role
- Scenario 3: A threat hunter persona using Detective to identify IAM entities communicating with suspicious IP addresses
- Conclusion highlighting the new IAM investigation capability in Detective for automatically detecting compromised IAM entities
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Oct 22
2024
2024
How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub
Oct 17
2024
2024
Use IAM authentication with Amazon DocumentDB (with MongoDB compatibility)
Oct 1
2025
2025
Amazon Detective now supports AWS PrivateLink for private API access
Nov 21
2025
2025
Accelerate investigations with AWS Security Incident Response AI-powered capabilities
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.