[IAM.2] IAM users should not have IAM policies attached
- Contextual name: [IAM.2] IAM users should not have IAM policies attached
- ID: /frameworks/aws-fsbp-v1.0.0/iam/02
- Located in: Identity and Access Management (IAM)
Description
By default, IAM users, groups, and roles have no access to AWS resources. IAM policies grant privileges to users, groups, or roles. We recommend that you apply IAM policies directly to groups and roles but not to users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grows. Reducing access management complexity might in turn reduce the opportunity for a principal to inadvertently receive or retain excessive privileges.
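As an added example (not code from the page, from AWS, or from Security Hub), here is a small Python check that evaluates this control over the JSON shape returned by `aws iam get-account-authorization-details`; the user names, group names and policy ARNs in the sample are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output (UserDetailList only); names and ARNs are made up for this example.
SAMPLE_DETAILS = json.loads("""
{
  "UserDetailList": [
    {
      "UserName": "alice",
      "GroupList": ["developers"],
      "UserPolicyList": [],
      "AttachedManagedPolicies": []
    },
    {
      "UserName": "bob",
      "GroupList": [],
      "UserPolicyList": [{"PolicyName": "bob-s3-inline", "PolicyDocument": {}}],
      "AttachedManagedPolicies": [
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
      ]
    }
  ]
}
""")


def evaluate_iam2(details):
    """Return one finding per IAM user that violates IAM.2.

    A user fails when it carries any inline policy (UserPolicyList) or any
    directly attached managed policy (AttachedManagedPolicies). Permissions
    inherited through GroupList are the recommended pattern and do not fail.
    """
    findings = []
    for user in details.get("UserDetailList", []):
        inline = [p["PolicyName"] for p in user.get("UserPolicyList", [])]
        attached = [p["PolicyArn"] for p in user.get("AttachedManagedPolicies", [])]
        if inline or attached:
            findings.append({"UserName": user["UserName"], "InlinePolicies": inline,
                             "AttachedPolicyArns": attached, "Groups": user.get("GroupList", [])})
    return findings


def compliant_users(details):
    """Names of users that pass IAM.2, for a pass/fail summary."""
    failing = {f["UserName"] for f in evaluate_iam2(details)}
    return [u["UserName"] for u in details.get("UserDetailList", []) if u["UserName"] not in failing]


if __name__ == "__main__":
    for finding in evaluate_iam2(SAMPLE_DETAILS):
        print(json.dumps(finding, indent=2))
```

Each finding lists exactly which inline and attached policies would need to move to a group or role before the user passes.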
Similar
- AWS Security Hub
- Internal
  - ID: dec-c-f30c69d2
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
NIST SP 800-53 Revision 5 → AC-2 Account Management | 13 | 17 | 30 |
NIST SP 800-53 Revision 5 → AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | |
NIST SP 800-53 Revision 5 → AC-3 Access Enforcement | 15 | 4 | 17 |
NIST SP 800-53 Revision 5 → AC-3(7) Access Enforcement _ Role-based Access Control | 7 | | |
NIST SP 800-53 Revision 5 → AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 10 | | |
NIST SP 800-53 Revision 5 → AC-6 Least Privilege | 10 | 21 | 26 |
NIST SP 800-53 Revision 5 → AC-6(3) Least Privilege _ Network Access to Privileged Commands | 2 | | |
PCI DSS v3.2.1 → 7.2.1 Coverage of all system components. | 5 | | |
Sub Sections
Policies (1)
Policy | Logic Count | Flags
---|---|---
AWS IAM User has inline or directly attached policies | 1 | x1, x5
Internal Rules
Rule | Policies | Flags
---|---|---
dec-x-4157c58a | 1 |