IAM Users Are in Specified User Groups
Rule Details
Parameter | Description |
---|---|
Rule Name | iam-user-group-membership-check |
Identifier | iam-user-group-membership-check |
Description | If an IAM user is not in any of the specified IAM user groups, this user is noncompliant. |
Tag | iam |
Trigger Type | Configuration change |
Filter Type | iam.users |
Configure Rule Parameters | groupIds: user group IDs. If no user group IDs are specified, the evaluation covers all user groups. The value must be an array with up to 10 elements. |
Applicable Scenario
The administrator can assign permissions to user groups and add users to these groups. Adding or removing users from a user group allows you to efficiently manage user permissions.
Solution
You can add noncompliant IAM users to some user groups. You can also disable or delete these users if you do not need them any longer.
Rule Logic
- If an IAM user is disabled, this user is compliant.
- If an enabled IAM user has been added to at least one user group, and no user groups are specified, this IAM user is compliant.
- If an enabled IAM user has not been added to any user groups, and no user groups are specified, this IAM user is noncompliant.
- If an enabled IAM user has been added to any of the specified user groups, this IAM user is compliant.
- If an enabled IAM user has not been added to any of the specified user groups, this IAM user is noncompliant.
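
The decision order above can be exercised offline with a small evaluator. This is an added example, not the service's own code: the `IamUser` record shape, the function names, the `Compliant`/`NonCompliant` strings, and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_GROUP_IDS = 10  # the page limits groupIds to an array of up to 10 elements


@dataclass
class IamUser:
    # Hypothetical record shape; not the service's resource schema.
    name: str
    enabled: bool
    group_ids: set = field(default_factory=set)


def validate_group_ids(group_ids):
    """Enforce the groupIds parameter constraint stated on the page."""
    if not isinstance(group_ids, list):
        raise ValueError("groupIds must be an array")
    if len(group_ids) > MAX_GROUP_IDS:
        raise ValueError("groupIds accepts at most 10 elements")
    return set(group_ids)


def evaluate(user, group_ids):
    """Return 'Compliant' or 'NonCompliant' following the Rule Logic list."""
    specified = validate_group_ids(group_ids)
    if not user.enabled:
        return "Compliant"  # disabled users are compliant regardless of groups
    if not specified:
        # No groups specified: membership in any group is enough.
        return "Compliant" if user.group_ids else "NonCompliant"
    # Groups specified: the user must be in at least one of them.
    return "Compliant" if user.group_ids & specified else "NonCompliant"


def audit(users, group_ids):
    """Names of users to remediate (add to a group, disable, or delete)."""
    return [u.name for u in users if evaluate(u, group_ids) == "NonCompliant"]


# Constructed sample data.
USERS = [
    IamUser("alice", True, {"g-admins"}),
    IamUser("bob", True, {"g-interns"}),
    IamUser("carol", True),
    IamUser("dave", False),
]
```

With `groupIds` set to `["g-admins"]`, `bob` becomes noncompliant even though he belongs to a group, while the disabled `dave` stays compliant with no group at all.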