---
names:
  full: AWS IAM User is not managed centrally in multi-account environments
  contextual: AWS IAM User is not managed centrally in multi-account environments
description: "In multi-account environments, IAM user centralization facilitates greater\
  \ user control. User access beyond the initial account is then provided via role\
  \ assumption. Centralization of users can be accomplished through federation with\
  \ an external identity provider or through the use of AWS Organizations."
impossible: true
type: COMPLIANCE_POLICY
categories:
- SECURITY
frameworkMappings:
- "/frameworks/cis-aws-v7.0.0/02/19"
- "/frameworks/cloudaware/identity-and-access-governance/user-account-management"
similarPolicies:
  cloudConformity:
  - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/aws-multi-account-centralized-management.html
    name: AWS Multi-Account Centralized Management