IAM Agencies Contain Specified Policies
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | iam-agencies-managed-policy-check |
| Identifier | iam-agencies-managed-policy-check |
| Description | If an IAM agency does not contain the specified policies and roles, this agency is non-compliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.agencies |
| Rule Parameters | |
Application Scenarios
When you assign permissions to control resource access, apply the principle of least privilege. This rule detects agencies that do not contain the required policies or roles, so that you can avoid granting excessive permissions with these agencies.
Solution
You can attach the required roles or policies to the non-compliant agencies. For more details, see Assigning Agency Permissions to an IAM User.
Rule Logic
- If an IAM agency does not contain all the specified policies and roles, this agency is non-compliant.
- If an IAM agency contains all the specified policies and roles, this agency is compliant.
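The rule logic above, as an added example that is not the service's own code: an offline check over an exported agency inventory that reports which required policies or roles each agency is missing. The `Agency` class, function names, and all policy and agency names are constructed placeholders, and exact case-sensitive name matching is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Agency:
    """Constructed stand-in for one IAM agency in an exported inventory."""
    name: str
    attached: set = field(default_factory=set)  # attached policy and role names

def evaluate(agency, required):
    """Apply the rule logic to one agency and report what is missing."""
    if not required:
        # An empty requirement list would mark everything compliant; refuse it.
        raise ValueError("required policy/role list must not be empty")
    # Exact, case-sensitive name matching is an assumption of this example.
    missing = sorted(set(required) - agency.attached)
    return {"agency": agency.name,
            "compliant": not missing,
            "missing": missing}

def non_compliant(agencies, required):
    """Return findings only for agencies that fail the check."""
    results = (evaluate(a, required) for a in agencies)
    return [r for r in results if not r["compliant"]]

# Constructed sample data: names are placeholders, not real policy names.
REQUIRED = ["example-audit-readonly", "example-log-writer"]
AGENCIES = [
    Agency("backup-agency", {"example-audit-readonly", "example-log-writer"}),
    Agency("ci-agency", {"example-audit-readonly", "example-admin"}),
    Agency("empty-agency"),
    # Extra attachments do not affect the result: the rule checks presence only.
    Agency("broad-agency", {"example-audit-readonly", "example-log-writer",
                            "example-admin"}),
]

if __name__ == "__main__":
    for finding in non_compliant(AGENCIES, REQUIRED):
        print(finding["agency"], "missing:", ", ".join(finding["missing"]))
```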