AWS Config Rule: IAM GROUP HAS USERS CHECK
IAM_GROUP_HAS_USERS_CHECK
Fernando Honig
Last Update 2 years ago
Description: Checks whether IAM groups have at least one IAM user.
Trigger type: Configuration changes
AWS Region: All supported AWS regions
How to Resolve Manually
This AWS Config rule flags any IAM group that has no IAM users in it.
To resolve this manually, sign in to your AWS Management Console and go to IAM (Identity and Access Management).
In the left menu, select User groups, find the NON_COMPLIANT group, and delete it.
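The same check and cleanup can be scripted against the IAM API. This is an added example, not part of the original article or of StackZone's remediation: the function names and the `--delete` argument are illustrative, and it assumes boto3 with credentials allowed to read and delete IAM groups. The DeleteGroup API rejects a group that still has policies, so the script removes them before deleting.

```python
"""Find IAM groups with no users and, on request, delete them (added example)."""


def group_has_users(iam, name):
    """True if the group has at least one member (get_group returns them as Users)."""
    pages = iam.get_paginator("get_group").paginate(GroupName=name)
    return any(page["Users"] for page in pages)


def find_empty_groups(iam):
    """Return the names of groups the rule would report as NON_COMPLIANT."""
    empty = []
    for page in iam.get_paginator("list_groups").paginate():
        for group in page["Groups"]:
            if not group_has_users(iam, group["GroupName"]):
                empty.append(group["GroupName"])
    return empty


def delete_empty_group(iam, name):
    """Delete one empty group, removing its policies first."""
    # Re-check membership so a group that gained a user since the scan is
    # left untouched instead of being stripped of its policies.
    if group_has_users(iam, name):
        raise RuntimeError(f"group {name} has users; not deleting")
    attached = iam.get_paginator("list_attached_group_policies")
    for page in attached.paginate(GroupName=name):
        for policy in page["AttachedPolicies"]:
            iam.detach_group_policy(GroupName=name, PolicyArn=policy["PolicyArn"])
    inline = iam.get_paginator("list_group_policies")
    for page in inline.paginate(GroupName=name):
        for policy_name in page["PolicyNames"]:
            iam.delete_group_policy(GroupName=name, PolicyName=policy_name)
    iam.delete_group(GroupName=name)


if __name__ == "__main__":
    import sys

    import boto3  # imported here so the functions above can be tested offline

    client = boto3.client("iam")
    for group_name in find_empty_groups(client):
        print("NON_COMPLIANT:", group_name)
        if "--delete" in sys.argv[1:]:  # hypothetical flag for this example
            delete_empty_group(client, group_name)
            print("deleted:", group_name)
```

Run it without arguments first to review the list of empty groups before deleting anything.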
How to Resolve with StackZone
This remediation can be enabled through StackZone's Config Rules Global settings.
Go to Baseline Services -> Config Rules Global -> IAM -> Remediation and enable IAM Group Has No Users Remediation.
This remediation will delete all unused groups in all AWS Accounts that are managed by StackZone.