Ensure IAM User do not have administrator privileges

Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions

Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.89
Covered by Spectral: Yes
Category: Security, Identity, & Compliance

GSL LOGIC

IamUser should not have combinedPolicies with [ name like 'AdministratorAccess' ]

REMEDIATION

From Portal

  1. Go to 'IAM'
  2. In the menu, under 'Access management', choose 'User'
  3. Select the incompliant users
  4. Click on 'X' next to 'AdministratorAccess' group
  5. Click 'Remove from group'

From Command Line
To remove the specified managed policy from a specified user, run:

aws iam detach-user-policy --user-name USER-NAME --policy-arn POLICY-ARN

References

  1. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_add-remove-users.html
  2. https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_access-management.html

IAM User

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

Compliance Frameworks

  • AWS CIS Controls V 8
  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST v11.0.0
  • AWS ISO27001:2022
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • AWS PCI-DSS 4.0
  • AWS Security Risk Management
  • CloudGuard AWS All Rules Ruleset