IAM Agencies Contain Specified Policies
Rule Details
Parameter | Description |
---|---|
Rule Name | iam-agencies-managed-policy-check |
Identifier | iam-agencies-managed-policy-check |
Description | If an IAM agency does not contain the specified policies and roles, this agency is noncompliant. |
Tag | iam |
Trigger Type | Configuration change |
Filter Type | iam.agencies |
Configure Rule Parameters | |
Applicable Scenario
When you assign permissions to control resource access, apply the principle of least privilege. This rule detects agencies that do not contain the required policies or roles, so that you can avoid granting excessive permissions with these agencies.
Solution
You can attach the required roles or policies to the noncompliant agencies. For more details, see Authorizing IAM Users to Manage Resources of an Account.
Rule Logic
- If an IAM agency does not contain all the specified policies and roles, this agency is noncompliant.
- If an IAM agency contains all the specified policies and roles, this agency is compliant.
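The rule logic above, worked through as an added example (not the service's own code). The `Agency` record shape, the sample policy and role names, and the choice to reject an empty requirement list are assumptions of this sketch; the page does not give the rule's parameter names or the resource schema.

```python
from dataclasses import dataclass, field


@dataclass
class Agency:
    # Hypothetical record shape, not the Config service's resource schema.
    name: str
    attached: set = field(default_factory=set)  # attached policy and role names


def evaluate(agency, required):
    """Return (status, missing) for one agency, following the Rule Logic."""
    required = set(required)
    if not required:
        # Assumption: the page does not say how an empty list is treated,
        # so this sketch refuses to evaluate instead of guessing.
        raise ValueError("no policies or roles specified")
    missing = sorted(required - agency.attached)
    # Only the presence of every required item is checked. Extra attachments
    # do not change the result, so a compliant agency can still hold more
    # permissions than the required set.
    return ("noncompliant" if missing else "compliant", missing)


def evaluate_all(agencies, required):
    """Map each agency name to its (status, missing) result."""
    return {a.name: evaluate(a, required) for a in agencies}


# Constructed sample data; all names are placeholders.
REQUIRED = ["ExamplePolicyA", "ExampleRoleB"]
AGENCIES = [
    Agency("agency-full", {"ExamplePolicyA", "ExampleRoleB", "ExtraPolicy"}),
    Agency("agency-partial", {"ExamplePolicyA"}),
    Agency("agency-empty"),
]

if __name__ == "__main__":
    for name, (status, missing) in evaluate_all(AGENCIES, REQUIRED).items():
        detail = f" (attach: {', '.join(missing)})" if missing else ""
        print(f"{name}: {status}{detail}")
```

The `missing` list is what the Solution section asks you to attach to each noncompliant agency.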