Ensure that IAM user does not have directly embedded policy
If a policy is directly embedded into a user, it becomes a security management overhead. Attach a policy to a role or a user group instead.
Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.CFT.IAM.19
Covered by Spectral: Yes
Category: Security, Identity, & Compliance
GSL LOGIC
AWS_IAM_User should not have Policies
REMEDIATION
From CFT
Remove AWS::IAM::User Policies
property. Attach the policy to a role or a user group instead.
References
- https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html
IAM User
An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago