Fernando Honig

Last Update 2 years ago

Description: Checks that none of your IAM users have policies attached. IAM users must inherit permissions from IAM groups or roles. The rule is NON_COMPLIANT if there is at least one IAM user with policies attached.

Trigger type: Configuration changes

AWS Region: All supported AWS regions

How to Resolve Manually

To resolve this manually, sign in to your AWS Management Console and navigate to IAM (Identity and Access Management).

Find the User that this AWS Config Rule marks as NON_COMPLIANT and take note of the policy permissions.

Create a Managed Policy by going to Policies -> Create Policy. Select the Service(s), Actions, Resources and Request conditions to match the policy permissions you noted.

When done, attach this new policy to a User group and add your IAM User to this User group. 

Go back to your User and remove the policy from it.
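
The same steps scripted with boto3, as an added example that is not StackZone's or AWS's own code: it lists users with directly attached policies, then moves both inline and managed policies to a group before removing them from the user. It assumes the user group already exists and the caller has IAM write permissions; the `<user>-<policy>` name given to recreated inline policies is a choice made for this example.

```python
import json

def user_policies(iam, user):
    """Return (inline policy names, attached managed policy ARNs) for one user."""
    inline = [name
              for page in iam.get_paginator("list_user_policies").paginate(UserName=user)
              for name in page["PolicyNames"]]
    attached = [p["PolicyArn"]
                for page in iam.get_paginator("list_attached_user_policies").paginate(UserName=user)
                for p in page["AttachedPolicies"]]
    return inline, attached

def noncompliant_users(iam):
    """Map each user that has directly attached policies to what is attached."""
    found = {}
    for page in iam.get_paginator("list_users").paginate():
        for u in page["Users"]:
            inline, attached = user_policies(iam, u["UserName"])
            if inline or attached:
                found[u["UserName"]] = (inline, attached)
    return found

def move_policies_to_group(iam, user, group):
    """Grant through the group first, strip the user last, so access never drops."""
    inline, attached = user_policies(iam, user)
    arns = list(attached)
    for name in inline:
        # Recreate each inline policy as a customer managed policy.
        doc = iam.get_user_policy(UserName=user, PolicyName=name)["PolicyDocument"]
        if not isinstance(doc, str):      # boto3 hands back a decoded dict
            doc = json.dumps(doc)
        # "<user>-<policy>" is a naming choice made for this example.
        created = iam.create_policy(PolicyName=f"{user}-{name}", PolicyDocument=doc)
        arns.append(created["Policy"]["Arn"])
    for arn in arns:
        iam.attach_group_policy(GroupName=group, PolicyArn=arn)
    iam.add_user_to_group(GroupName=group, UserName=user)
    for arn in attached:
        iam.detach_user_policy(UserName=user, PolicyArn=arn)
    for name in inline:
        iam.delete_user_policy(UserName=user, PolicyName=name)
    return arns

if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised with a stub client
    # Read-only listing; call move_policies_to_group() per user after reviewing it.
    for name, (inline, attached) in noncompliant_users(boto3.client("iam")).items():
        print(name, "inline:", inline, "managed:", attached)
```

Review the listing before moving anything: every member of the target group receives the moved permissions.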
