Risk Level: Low
Cloud Entity: AWS IAM Policy
CloudGuard Rule ID: D9.CFT.IAM.17
Covered by Spectral: Yes
Category: Security, Identity, & Compliance

GSL LOGIC

AWS_IAM_Policy should not have Users

REMEDIATION

From CFT
Remove AWS::IAM::Policy Users property. Attach the policy to a role or a group instead.

References

AWS IAM Policy

You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents.

Compliance Frameworks

AWS CloudFormation ruleset