IAM Settings

Details on InsightCloudSec IAM Settings

The IAM Settings page in InsightCloudSec is divided into two sections:

  • LPA Configuration -- Hosts the settings and configuration for the InsightCloudSec Least-Privileged Access (LPA) feature
  • Cache Settings -- Displays the IAM cache build status
16001600

IAM Settings

LPA Configuration

The InsightCloudSec LPA feature requires varying configuration for both AWS and Azure. Details on setup, support, and usage are included on the following pages:

Cache Settings

The Cache Settings page displays the IAM cache build status for the Access Explorer. Every 10 minutes, InsightCloudSec diagnoses any changes to the Access Explorer Settings, calculates the best time to rebuild the cache based on available compute resources, and then initiates a cache rebuild.

Note: Access Explorer currently only supports AWS and requires a separate license. Review Getting Started with Access Explorer or contact Customer Support via the portal for more information.

A list of possible cache statuses follows:

  • Currently recomputing Effective Access data for one or more accounts -- There are some accounts that require a full recompute; this will happen on the first run (because everything needs to be computed the first time), if there’s an update to the InsightCloudSec analyzer, if there were any changes to Service Control Policies (which restrict access within accounts), or if particular accounts have gone too long without an update. This is a normal happy state.
  • Effective Access data for all accounts have been computed -- InsightCloudSec has finished at least one full pass for each account and none of the triggers mentioned above require a full recompute of any accounts. At this stage, InsightCloudSec will just recompute access when changes are detected for principals or resources.
  • The Differential Cache has not been configured, so there is no data or status to show -- If InsightCloudSec detects that no infrastructure has been configured/enabled for the differential cache. Contact Customer Support or your CSM if you see this status.
  • Some accounts might be lagging behind -- When InsightCloudSec has processed all the accounts the first time, but the rate at which InsightCloudSec is re-processing accounts with changes is not fast enough to recompute all accounts every 24 hours. This may be related to not having enough compute power to re-compute changes quickly enough; contact Customer Support or your CSM if you see this status for a lengthy period of time.
24462446

Cache Settings


Did this page help you?