💼 [IAM.2] IAM users should not have IAM policies attached

Contextual name: 💼 [IAM.2] IAM users should not have IAM policies attached
ID: /frameworks/aws-fsbp-v1.0.0/iam/02
Located in: 💼 Identity and Access Management (IAM)

Description

By default, IAM users, groups, and roles have no access to AWS resources. IAM policies grant privileges to users, groups, or roles. We recommend that you apply IAM policies directly to groups and roles but not to users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grows. Reducing access management complexity might in turn reduce the opportunity for a principal to inadvertently receive or retain excessive privileges.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-2
Internal
- ID: dec-c-f30c69d2

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-2 Account Management	13	20	34
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management		4	16
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	5	37
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			14
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control			11
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	23	49
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(3) Least Privilege _ Network Access to Privileged Commands			2
💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components.			7

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5

Internal Rules

Rule	Policies	Flags
✉️ dec-x-4157c58a	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​