💼 1.22 Ensure access to AWSCloudShellFullAccess is restricted (Manual)

Contextual name: 💼 1.22 Ensure access to AWSCloudShellFullAccess is restricted (Manual)
ID: /frameworks/cis-aws-v4.0.1/01/22
Located in: 💼 1 Identity and Access Management

Description

AWS CloudShell is a convenient way of running CLI commands against AWS services; a managed IAM policy ('AWSCloudShellFullAccess') provides full access to CloudShell, which allows file upload and download capability between a user's local system and the CloudShell environment. Within the CloudShell environment, a user has sudo permissions and can access the internet. Therefore, it is feasible to install file transfer software, for example, and move data from CloudShell to external internet servers.

Similar

Sections
- /frameworks/cis-aws-v5.0.0/01/21
- /frameworks/cis-aws-v4.0.0/01/22

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.0 → 💼 1.22 Ensure access to AWSCloudShellFullAccess is restricted (Manual)			1
💼 CIS AWS v5.0.0 → 💼 1.21 Ensure access to AWSCloudShellFullAccess is restricted (Manual)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.0 → 💼 1.22 Ensure access to AWSCloudShellFullAccess is restricted (Manual)			1
💼 CIS AWS v5.0.0 → 💼 1.21 Ensure access to AWSCloudShellFullAccess is restricted (Manual)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS IAM AWSCloudShellFullAccess Policy is attached 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​