New doc for AWS IAM users (app) (#5750)

Author: amee-sumo

blog-service/2025-09-05-apps.md

@@ -0,0 +1,12 @@
+---
+title: AWS IAM Users (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - aws-iam-users
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new AWS IAM Users app for Sumo Logic. This app helps you monitor and analyze user-related data, enabling you to optimize security practices and ensure compliance within your AWS account. [Learn more](/docs/integrations/saas-cloud/aws-iam-users/).

cid-redirects.json

@@ -2920,6 +2920,7 @@
   "/cid/11000": "/docs/platform-services/automation-service/automation-service-playbooks",
   "/cid/1105": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub-ocsf",
   "/cid/1106": "/docs/integrations/sumo-apps/opentelemetry-collector-insights",
+  "/cid/1107": "/docs/integrations/saas-cloud/aws-iam-users",
   "/Cloud_SIEM_Enterprise": "/docs/cse",
   "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
   "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",

docs/integrations/product-list/product-list-a-l.md

@@ -109,7 +109,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 |  <img src={useBaseUrl('img/send-data/AWSGovCloudUS-Logo.jpeg')} alt="Thumbnail icon" width="50"/>   |  [AWS GovCloud](https://aws.amazon.com/govcloud-us) | 	Collector: [Collection from AWS GovCloud](/docs/send-data/hosted-collectors/amazon-aws/collection-aws-govcloud/)	 |
 |  <img src={useBaseUrl('img/integrations/amazon-aws/aws-ground-station-logo.png')} alt="Thumbnail icon" width="50"/>   | [AWS Ground Station](https://aws.amazon.com/ground-station/)  | 	App: [AWS Ground Station](/docs/integrations/amazon-aws/aws-ground-station/)	 |
 |  <img src={useBaseUrl('img/integrations/amazon-aws/aws-healthlake-logo.png')} alt="Thumbnail icon" width="50"/>   | [AWS HealthLake](https://aws.amazon.com/healthlake/)  | App: [AWS HealthLake](/docs/integrations/amazon-aws/aws-healthlake/)	 |
-| <img src={useBaseUrl('img/integrations/misc/aws-iam-logo.png')} alt="Thumbnail icon" width="50"/> | [AWS Identity and Access Management](https://aws.amazon.com/iam/) | Automation Integration: [AWS IAM](/docs/platform-services/automation-service/app-central/integrations/aws-iam/)<br/>Collector: [AWS IAM Users](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source) |
+| <img src={useBaseUrl('img/integrations/misc/aws-iam-logo.png')} alt="Thumbnail icon" width="50"/> | [AWS Identity and Access Management](https://aws.amazon.com/iam/) | App: [AWS IAM Users](/docs/integrations/saas-cloud/aws-iam-users) <br/>Automation Integration: [AWS IAM](/docs/platform-services/automation-service/app-central/integrations/aws-iam/)<br/>Collector: [AWS IAM Users](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source) |
 |  <img src={useBaseUrl('img/integrations/amazon-aws/lambda.png')} alt="Thumbnail icon" width="50"/>   | [AWS Lambda](https://aws.amazon.com/pm/lambda/)  | App: [AWS Lambda](/docs/integrations/amazon-aws/lambda/)	<br/>Collectors: <br/>- [Create a Sumo Lambda Function](/docs/send-data/collect-from-other-data-sources/create-amazon-lambda-function/) <br/>- [Collect AWS Lambda Logs using an Extension](/docs/send-data/collect-from-other-data-sources/collect-aws-lambda-logs-extension/) <br/>-  [AWS Lambda Extension Performance Impact and Failover Handling](/docs/send-data/collect-from-other-data-sources/performance-impact-failover-handling/) <br/>Webhook: [Webhook Connection for AWS Lambda](/docs/alerts/webhook-connections/aws-lambda/) |
 |  <img src={useBaseUrl('img/integrations/amazon-aws/network-firewall.png')} alt="Thumbnail icon" width="50"/>   | [AWS Network Firewall](https://aws.amazon.com/network-firewall/)  | App:	[AWS Network Firewall](/docs/integrations/amazon-aws/network-firewall/)	<br/>Automation integration: [AWS Network Firewall](/docs/platform-services/automation-service/app-central/integrations/aws-network-firewall/) <br/>Cloud SIEM integration: [Amazon AWS - Network Firewall](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/products/3a82061c-2ca3-4289-9c9b-78756001aa38.md) |
 |  <img src={useBaseUrl('img/integrations/amazon-aws/networkLoadBalancer.png')} alt="Thumbnail icon" width="50"/>   |  [AWS Network Load Balancer](https://aws.amazon.com/elasticloadbalancing/network-load-balancer/) | 	App: [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/)	 |

docs/integrations/saas-cloud/aws-iam-users.md

@@ -0,0 +1,109 @@
+---
+id: aws-iam-users
+title: AWS IAM Users
+sidebar_label: AWS IAM Users
+description: The AWS IAM Users app for Sumo Logic helps monitor user activity and security within your AWS environment.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/integrations/misc/aws-iam-logo.png')} alt="logo" width="80" />
+
+The Sumo Logic app for AWS IAM Users provides clear insights into user activity and security within your AWS environment. Its intuitive dashboard helps you monitor and analyze user data to strengthen security and support compliance. With powerful visualizations, security teams can track user behavior, detect anomalies, and spot unauthorized access attempts. The app also helps monitor permissions, enforce best practices, and improve overall user management. Stay secure and informed with real-time monitoring and actionable insights from the AWS IAM Users app on Sumo Logic.
+
+## Log types
+
+This app uses Sumo Logic’s [AWS IAM Users Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source/) to collect the users logs from the AWS IAM Users platform.
+
+### Sample log messages
+
+```json title="Users Log"
+{
+    "Arn": "arn:aws:iam::987883700038:user/alice",
+    "CreateDate": "2024-03-20T07:57:17Z",
+    "Path": "/",
+    "UserId": "AIDA522VHNHFBP4UFAXLG",
+    "UserName": "alice",
+    "PasswordLastUsed": "2025-08-11T04:48:52Z",
+    "PermissionsBoundary": null,
+    "Tags": null
+}
+```
+
+### Sample queries
+
+```sql title="Total Users"
+_sourceCategory="Labs/AWSIAMUsers"
+| json "UserId", "UserName", "CreateDate", "PasswordLastUsed", "PermissionsBoundary", "Arn" as user_id, user_name, create_date, password_last_used, permission_boundry, arn nodrop
+
+// global filters
+| where user_name matches "{{user_name}}"
+
+// panel specific
+| count by user_id
+| count
+```
+
+```sql title="Never Logged Users"
+_sourceCategory="Labs/AWSIAMUsers"
+| json "UserId", "UserName", "CreateDate", "PasswordLastUsed", "PermissionsBoundary", "Arn" as user_id, user_name, create_date, password_last_used, permission_boundry, arn nodrop
+
+// global filters
+| where user_name matches "{{user_name}}"
+
+// panel specific
+| where isNull(password_last_used)
+| count by create_date, user_id, user_name
+| fields - _count 
+| sort by create_date asc
+```
+
+## Collection configuration and app installation
+
+import CollectionConfiguration from '../../reuse/apps/collection-configuration.md';
+
+<CollectionConfiguration/>
+
+:::important
+Use the [Cloud-to-Cloud Integration for AWS IAM Users](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your AWS IAM Users app is properly integrated and configured to collect and analyze your AWS IAM Users data.
+:::
+
+### Create a new collector and install the app
+
+import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md';
+
+<AppCollectionOPtion1/>
+
+### Use an existing collector and install the app
+
+import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md';
+
+<AppCollectionOPtion2/>
+
+### Use an existing source and install the app
+
+import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md';
+
+<AppCollectionOPtion3/>
+
+## Viewing the AWS IAM Users dashboards​​
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+<ViewDashboards/>
+
+### Overview
+
+The **AWS IAM Users - Overview** dashboard provides a clear view of user activity, status, and security within AWS IAM. It highlights key metrics such as total users, login trends, newly created accounts, and the status of active, inactive, or never-logged-in users. This centralized dashboard helps security teams monitor user activity, detect potential risks, and ensure compliance with IAM best practices—improving both security and operational efficiency.<br/><img src='https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/AWS-IAM-Users/AWS+IAM+Users+-+Overview.png' alt="AWS IAM Users - Overview" />
+
+## Upgrading the AWS IAM Users app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the AWS IAM Users app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>

docs/integrations/saas-cloud/index.md

@@ -75,6 +75,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
   <p>Gain insights into Automox events and audit data to enhance security monitoring, streamline endpoint management, and boost operational resilience.</p>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href="/docs/integrations/saas-cloud/aws-iam-users"><img src={useBaseUrl('img/integrations/misc/aws-iam-logo.png')} alt="aws-iam-users-logo" width="60" /><h4>AWS IAM Users</h4></a>
+  <p>Gain insights into AWS IAM Users events to enhance user activity and security within your AWS environment.</p>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href="/docs/integrations/saas-cloud/bitwarden"><img src={useBaseUrl('img/integrations/security-threat-detection/bitwarden.png')} alt="bitwarden-icon.png" width="100" /><h4>Bitwarden</h4></a>

sidebars.ts

@@ -2546,6 +2546,7 @@ integrations: [
           'integrations/saas-cloud/asana',
           'integrations/saas-cloud/atlassian',
           'integrations/saas-cloud/automox',
+          'integrations/saas-cloud/aws-iam-users',
           'integrations/saas-cloud/bitwarden',
           'integrations/saas-cloud/box',
           'integrations/saas-cloud/cato-networks',