All IAM Policies Are in Use
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | iam-policy-in-use |
| Identifier | iam-policy-in-use |
| Description | If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.policies |
| Rule Parameter | None |
Applicable Scenario
This rule allows you to detect IAM policies that haven't been attached to any IAM users, user groups, or agencies, so that you can avoid unintended authorization with these policies.
Solution
If you need the detected unused policies, attach these policies to IAM users, user groups or agencies. If you do not, delete them.
Rule Logic
- If an IAM policy has been attached to an IAM user, user group, or agency, this policy is compliant.
- If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant.
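The rule logic above can be reproduced offline against an exported inventory, which is useful for reviewing what the rule will flag before deciding whether to attach or delete each policy. The following Python sketch is an added example, not code from the service; the inventory layout, field names, and policy names are constructed assumptions and do not reflect the Config or IAM API schema.

```python
from collections import defaultdict

# Constructed sample inventory. Attachments are recorded on the principal
# side, so the evaluator has to invert them to answer "who holds this policy?".
INVENTORY = {
    "policies": ["policy-audit-read", "policy-obs-admin",
                 "policy-legacy-ops", "policy-ecs-deploy"],
    "users": {"alice": ["policy-audit-read"]},
    "groups": {"devops": ["policy-ecs-deploy"], "empty-group": []},
    "agencies": {"backup-agency": ["policy-obs-admin"]},
}

PRINCIPAL_KINDS = ("users", "groups", "agencies")


def attachments_by_policy(inventory):
    """Invert principal -> policies into policy -> [(kind, principal), ...]."""
    index = defaultdict(list)
    for kind in PRINCIPAL_KINDS:
        for principal, attached in inventory.get(kind, {}).items():
            for policy in attached:
                index[policy].append((kind, principal))
    return index


def evaluate(inventory):
    """Apply the rule: a policy with at least one attachment is compliant."""
    index = attachments_by_policy(inventory)
    results = {}
    for policy in inventory["policies"]:
        holders = index.get(policy, [])
        results[policy] = {
            "compliance": "compliant" if holders else "noncompliant",
            "attached_to": holders,
        }
    return results


def noncompliant(inventory):
    """Return the sorted names of policies the rule would flag."""
    return sorted(name for name, result in evaluate(inventory).items()
                  if result["compliance"] == "noncompliant")


if __name__ == "__main__":
    for name, result in evaluate(INVENTORY).items():
        print(f"{name}: {result['compliance']} {result['attached_to']}")
```

A policy attached only to an agency (`policy-obs-admin` in the sample) counts as in use, while a group with no attached policies contributes nothing to the index.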