💼 [IAM.2] IAM users should not have IAM policies attached
- ID:
/frameworks/aws-fsbp-v1.0.0/iam/02
Description
By default, IAM users, groups, and roles have no access to AWS resources. IAM policies grant privileges to users, groups, or roles. We recommend that you apply IAM policies directly to groups and roles but not to users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grows. Reducing access management complexity might in turn reduce the opportunity for a principal to inadvertently receive or retain excessive privileges.
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-f30c69d2
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2 Account Management | 13 | 20 | 44 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management | 4 | 23 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement | 15 | 5 | 53 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control | 26 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 18 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege | 10 | 23 | 64 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6(3) Least Privilege _ Network Access to Privileged Commands | 2 | no data | |||
| 💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components. | 11 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS IAM User has inline or directly attached policies🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-4157c58a | 1 |