IAM Users Do Not Have Directly Assigned Policies or Permissions
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | iam-user-no-policies-check |
| Identifier | iam-user-no-policies-check |
| Description | If an IAM user has any directly assigned policies or permissions, the IAM user is noncompliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.users |
| Configure Rule Parameters | None |
Applicable Scenario
To assign IAM users permissions, you are advised to add users to a user group and assign permissions to the user group. This makes it easier to manage permissions and helps prevent excessive authorization. For more details, see Assigning Permissions to an IAM User.
Solution
Remove the policies or permissions from noncompliant IAM users, then create a user group, add the users to the user group, and add the policies or permissions to the user group.
Rule Logic
- If an IAM user has any directly assigned policies or permissions, the IAM user is noncompliant.
- If an IAM user does not have directly assigned policies or permissions, the IAM user is compliant.
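The rule logic and the remediation in Solution can be combined into a migration plan. The following is an added example, not code from this documentation or the Config service: it evaluates a constructed inventory and groups noncompliant users by their exact set of direct policies, so no proposed group grants more than its members already had. The inventory schema, policy names, and group names are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical schema, not the service's format).
USERS = {
    "alice": {"direct_policies": ["storage-read", "compute-admin"], "groups": []},
    "bob":   {"direct_policies": ["compute-admin", "storage-read"], "groups": []},
    "carol": {"direct_policies": [], "groups": ["auditors"]},
    "dave":  {"direct_policies": ["iam-read"], "groups": ["auditors"]},
}

def evaluate(users):
    """Rule logic: any directly assigned policy makes the user NonCompliant."""
    return {name: "NonCompliant" if u["direct_policies"] else "Compliant"
            for name, u in users.items()}

def plan_migration(users):
    """Group noncompliant users by identical direct-policy sets."""
    by_set = defaultdict(list)
    for name, u in sorted(users.items()):
        if u["direct_policies"]:
            by_set[frozenset(u["direct_policies"])].append(name)
    ordered = sorted(by_set.items(), key=lambda kv: kv[1])
    return [{"group": f"migrated-group-{i}",  # hypothetical group name
             "policies": sorted(policies),
             "members": members}
            for i, (policies, members) in enumerate(ordered, start=1)]

def apply_plan(users, plan):
    """Return a copy of the inventory with direct policies moved to groups."""
    result = {n: {"direct_policies": list(u["direct_policies"]),
                  "groups": list(u["groups"])} for n, u in users.items()}
    for step in plan:
        for member in step["members"]:
            result[member]["direct_policies"] = []
            result[member]["groups"].append(step["group"])
    return result

if __name__ == "__main__":
    plan = plan_migration(USERS)
    for step in plan:
        print(step)
    print(evaluate(apply_plan(USERS, plan)))
```

Grouping by exact policy set preserves each user's effective permissions; merging near-identical sets into one group would widen access for some members and should be a deliberate review decision.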