Access Mode Check
Rule Details
Parameter | Description |
---|---|
Rule Name | iam-user-access-mode |
Identifier | iam-user-access-mode |
Description | If an IAM user has both console and API access enabled, this user is noncompliant. |
Tag | iam |
Trigger Type | Configuration change |
Filter Type | iam.users |
Configure Rule Parameters | None |
Applicable Scenario
This rule ensures that an IAM user cannot access cloud services through both the console and APIs. There are two methods for accessing a cloud service:
- Programmatic access: Users access cloud services by using development tools, such as APIs, CLI, and SDKs with an access key or a password.
- Management console access: Users access cloud services through the management console with a password.
Solution
Modify each noncompliant IAM user so that the user can access cloud services through only one method: either programmatic access or the management console.
Rule Logic
- If an IAM user is disabled, this user is compliant.
- If an IAM user is enabled, but is not allowed both programmatic access and management console access at the same time, this user is compliant.
- If an IAM user is enabled, but is allowed to access cloud services by using both the programmatic methods and the management console, this user is noncompliant.
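The three cases above can be applied offline to an exported user inventory. The following is an added example, not code from this documentation or the service; the record fields (`enabled`, `console_access`, `programmatic_access`) and the sample users are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class IamUser:
    # Field names are assumptions for this example, not a provider API schema.
    name: str
    enabled: bool
    console_access: bool
    programmatic_access: bool

def evaluate(user: IamUser) -> tuple[str, str]:
    """Return (verdict, reason) following the three Rule Logic cases."""
    if not user.enabled:
        # Case 1: a disabled user is compliant whatever access modes are set.
        return "COMPLIANT", "user is disabled"
    if user.console_access and user.programmatic_access:
        # Case 3: enabled and allowed both access modes.
        return "NON_COMPLIANT", "console and programmatic access both enabled"
    # Case 2: enabled, but not allowed both access modes at once.
    return "COMPLIANT", "at most one access mode enabled"

def audit(users):
    """Map each user name to its verdict and list the users to remediate."""
    results = {u.name: evaluate(u) for u in users}
    to_fix = sorted(n for n, (v, _) in results.items() if v == "NON_COMPLIANT")
    return results, to_fix

# Constructed sample inventory (not real accounts).
SAMPLE_USERS = [
    IamUser("ci-deployer", True, False, True),      # programmatic only
    IamUser("alice-admin", True, True, True),       # both modes
    IamUser("bob-console", True, True, False),      # console only
    IamUser("old-contractor", False, True, True),   # disabled, both modes set
    IamUser("new-hire", True, False, False),        # neither mode
]

if __name__ == "__main__":
    results, to_fix = audit(SAMPLE_USERS)
    for name, (verdict, reason) in results.items():
        print(f"{name:15} {verdict:14} {reason}")
    print("remediate:", ", ".join(to_fix))
```

The disabled user with both modes set passes the rule as written, so a disabled account that is later re-enabled should be re-evaluated.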