website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by archbee 
20min

IAM User

Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.

Overview

You can currently query the following attributes and connections on an AWS IAM User

GraphQL
|

Filtering

Get data for a single AWS IAM User that you know the ID for:

GraphQL
|

Get data for all of the IAM Users in a certain AWS account:

GraphQL
|

Get data for all of the IAM Users that are NOT in a certain AWS account:

GraphQL
|

Advanced Filtering

Get data for all of the IAM Users that are members of a group:

GraphQL
|

Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the IAM Users that are part of Groups AND have Access Key data OR that do not have Tags. Note that you can use has, and, not, or completely independently of each other:

GraphQL
|

You may also filter using a regex when filtering on a string field like, name if you want to look for a value that contains the word, production (case insensitive):

GraphQL
|

Ordering

You can order the results you get back either asc or desc depending on your preference:

GraphQL
|

Only select and return the first two IAM Users that are found:

GraphQL
|

Only select and return the first two IAM Users that are found, but offset by one so IAM Users two & three are returned:

GraphQL
|

Aggregation

Count the number of IAM Users across all scanned AWS accounts:

GraphQL
|

Count the number of IAM Users in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:

GraphQL
|

Examples

Find all the IAM Users that for your dev env:

GraphQL
|

Find all the IAM Users in account 12345:

GraphQL
|

Find all of the IAM Users that have a tag of Environment:Production for a single AWS Account:

GraphQL
|

With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:

GraphQL
|

Kitchen Sink

Putting it all together; get all data for all IAM Users across all regions for all scanned AWS accounts in a single query. For the purposes of this example we will only get direct children of the IAM Users but if you want to it's easy to go from say, an IAM User -> IAM Group -> All IAM Users for that Group etc:

GraphQL
|

References

Dgraph documentation on querying

AWS IAM User documentation

Updated 04 Mar 2022
Did this page help you?
Yes
No
UP NEXT
IAM Instance Profile
Docs powered by archbee 
TABLE OF CONTENTS
Overview
Filtering
Advanced Filtering
Ordering
Aggregation
Examples
Kitchen Sink
References