All IAM Roles Are in Use
Rule Details
Parameter | Description
---|---
Rule Name | iam-role-in-use
Identifier | iam-role-in-use
Description | If an IAM role has not been attached to any IAM users, user groups, or agencies, this role is noncompliant.
Tag | iam
Trigger Type | Configuration change
Filter Type | iam.roles
Rule Parameter | None
Applicable Scenario
This rule allows you to detect IAM roles that have not been attached to any IAM users, user groups, or agencies, so that you can avoid unintended authorization through the policies those roles carry.
Solution
If you still need a detected unused role, attach it to the IAM users, user groups, or agencies that require it. If you do not, delete it.
Rule Logic
- If an IAM role has been attached to an IAM user, user group, or agency, this role is compliant.
- If an IAM role has not been attached to any IAM users, user groups, or agencies, this role is noncompliant.
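The evaluation above can be reproduced offline against an inventory export. The following is an added example, not Huawei Cloud Config's own implementation: all principal names, role IDs and attachment data are constructed for illustration, and the inventory shape (one set of attached role IDs per user, user group or agency) is an assumption. It shows that a role attached only to an agency still counts as compliant, and that roles with no attachment at all are the ones to attach or delete.

```python
# Constructed sample inventory (hypothetical IDs; not real Huawei Cloud data).
# Each mapping lists, per IAM principal, the set of role IDs attached to it.
USERS = {
    "user-alice": {"role-readonly", "role-ops"},
    "user-bob": {"role-readonly"},
}
GROUPS = {
    "group-admins": {"role-admin"},
}
AGENCIES = {
    "agency-backup": {"role-backup"},
}
# All roles that exist in the account, including one with no attachment.
ROLES = ["role-readonly", "role-ops", "role-admin", "role-backup", "role-legacy"]


def attached_roles(users, groups, agencies):
    """Union of every role attached to any user, user group, or agency."""
    in_use = set()
    for principal_map in (users, groups, agencies):
        for roles in principal_map.values():
            in_use |= set(roles)
    return in_use


def evaluate_iam_role_in_use(roles, users, groups, agencies):
    """Apply the iam-role-in-use logic: a role is Compliant if it is attached
    to at least one user, user group, or agency, and NonCompliant otherwise.
    Returns {role_id: status}."""
    in_use = attached_roles(users, groups, agencies)
    return {r: ("Compliant" if r in in_use else "NonCompliant") for r in roles}


def unused_roles(evaluation):
    """Roles flagged NonCompliant, i.e. the candidates to attach or delete."""
    return sorted(r for r, status in evaluation.items() if status == "NonCompliant")


if __name__ == "__main__":
    result = evaluate_iam_role_in_use(ROLES, USERS, GROUPS, AGENCIES)
    for role, status in result.items():
        print(f"{role}: {status}")
    print("Unused roles:", unused_roles(result))
```

Because the rule's trigger type is "Configuration change", the same evaluation would be re-run whenever a role attachment is added or removed, so a role that becomes detached later is flagged at that point rather than only at a scheduled scan.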