| ๐ผ [IAM.1] IAM policies should not allow full "*" administrative privileges | | 1 | 1 | |
| ๐ผ [IAM.2] IAM users should not have IAM policies attached | | 1 | 1 | |
| ๐ผ [IAM.3] IAM users' access keys should be rotated every 90 days or less | | 1 | 1 | |
| ๐ผ [IAM.4] IAM root user access key should not exist | | 1 | 1 | |
| ๐ผ [IAM.5] MFA should be enabled for all IAM users that have a console password | | | 1 | |
| ๐ผ [IAM.6] Hardware MFA should be enabled for the root user | | | 1 | |
| ๐ผ [IAM.7] Password policies for IAM users should have strong configurations | | 1 | 2 | |
| ๐ผ [IAM.8] Unused IAM user credentials should be removed | | | 1 | |
| ๐ผ [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services | | | | |