AWS Security Blog

Introducing IAM Console Search

We continually review the input you submit via the Feedback link on the AWS Identity and Access Management (IAM) console. Based on our recent review of that feedback, one of the features you request most frequently is the ability to find an IAM user by their associated access key ID. To address this request in particular and the search feature in general within the IAM console, we asked ourselves a simple question: “How can we help AWS customers find things more easily in the IAM console?” The answer to that question is the new IAM console search.

In this blog post, I will walk you through the new IAM console search that allows you to search for your IAM entities (users, groups, and roles), policies by name, identity provider, tasks, and—most importantly—access keys.

Using the IAM console search

To use the IAM console search, first sign in to your AWS account and then go to the IAM console. Let’s say you want to search for all the IAM entities you created previously for testing purposes. All you can remember is that the entity names have the word “test” in them. Click in the Search box in the navigation pane of the IAM console as shown in the following screenshot.

Image of IAM search box

In the Search box that is displayed, type the word test. The result set, as shown in the next screenshot, lists all IAM entities that have “test” in their names.

Image of search results for "test"

The entities are differentiated by the icons associated with them, which are shown in the following image. See the IAM console search documentation for more details about the icons and the search result items they represent.

Table of IAM search icons

Access key ID search

Now, let’s say you scanned your AWS log file and found that one of your users made a critical update to your Amazon S3 bucket. You are interested in finding out who the user is, but the only data available in the log is their access key ID. Previously, there was no easy way to search for the user by their access key ID; you would have needed to go to your users’ detail pages one at a time to see if their access key ID matched the access key ID in question.

Starting today, all you need to do is type the access key ID from the log file in the IAM console Search box, as shown in the following screenshot. The user associated with this access key ID is shown as a result. Note that you must type the full access key ID when searching.

Image of access key ID search
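
When many log records need to be attributed at once, the same access-key-to-user lookup can be scripted. The following is an added example, not part of the original post: it assumes log records that carry the caller's key in CloudTrail's userIdentity.accessKeyId field and a key inventory shaped like IAM ListAccessKeys results, and all sample names and key IDs are constructed.

```python
import json

# Constructed sample log, one JSON record per line (not from the original post).
# The key of the caller sits in userIdentity.accessKeyId, as in CloudTrail records.
SAMPLE_LOG = """\
{"eventName": "PutBucketPolicy", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"}}
{"eventName": "DeleteBucket", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY000009"}}
{"eventName": "PutObject", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY0000"}}
"""

# Constructed inventory in the shape of IAM ListAccessKeys metadata, one row per key.
SAMPLE_KEYS = [
    {"UserName": "test-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active"},
    {"UserName": "test-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000002", "Status": "Inactive"},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEKEY000003", "Status": "Active"},
]


def build_index(key_metadata):
    """Map each full access key ID to (owning user, key status)."""
    return {k["AccessKeyId"]: (k["UserName"], k["Status"]) for k in key_metadata}


def resolve_events(log_text, index):
    """Return (eventName, accessKeyId, owner, note) for every log record."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        event = record.get("eventName")
        key_id = record.get("userIdentity", {}).get("accessKeyId")
        if key_id is None:
            results.append((event, None, None, "no access key in record"))
        elif key_id in index:
            # Exact match on the full ID, like the console search.
            user, status = index[key_id]
            results.append((event, key_id, user, status))
        elif key_id.startswith("ASIA"):
            # Temporary (STS) credentials are not owned by an IAM user.
            results.append((event, key_id, None, "temporary credentials"))
        else:
            # Includes truncated IDs: a partial key never matches.
            results.append((event, key_id, None, "no user with this key"))
    return results


if __name__ == "__main__":
    for row in resolve_events(SAMPLE_LOG, build_index(SAMPLE_KEYS)):
        print(row)
```

The third sample record carries a truncated key ID and is reported as unmatched, which mirrors the requirement to search with the full access key ID.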

Search by actionable task

Where would you start in the IAM console if you wanted to create a new user? Try this: click in the Search box and type create. One of the search results returned is Create user, as shown in the following screenshot. (Every search result returned is an actionable link.) Click Create user, and you will be taken to the Create User page.

Image of results from task search

Other examples of actionable tasks you can search by:

  • delete role example_role
  • change group name example_group_name
  • manage password for example_user_name
  • attach policy to example
  • how do I use the IAM console

For a detailed list of search keywords, see the IAM console search documentation.

We are interested in hearing how you use the new IAM console search and your ideas about how to improve it. Post your comments below, or visit the IAM forum with questions and comments.

– Rob