AWS_IAM_22

Ensure IAM policies that allow full '*:*' administrative privileges are not created

Description

IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended, and considered standard security advice, to grant least privilege: that is, to grant only the permissions required to perform a task. Determine what users need to do and then craft policies that let them perform only those tasks, instead of allowing full administrative privileges.

Remediation

Using the GUI, perform the following to detach the policy that has full administrative privileges:
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

2. In the navigation pane, click Policies and then search for the policy name found in the audit step.

3. Select the policy that needs to be deleted.

4. In the policy action menu, first select Detach.

5. Select all users, groups and roles that have this policy attached.

6. Click Detach Policy.

7. In the policy action menu, select Detach.
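The audit step referred to above has to recognise a '*:*' policy in its JSON document, which can express the same grant in several shapes (Action as a string or a list, "*" or "*:*", Statement as one object or a list). The following is an added example, not part of this rule or any AWS tool: a self-contained Python check run over constructed sample policies; in practice the documents would be fetched with the CLI listed in the references (aws iam get-policy-version) and fed to the same function.

```python
import json

# Constructed sample policy documents (not from the page); names are illustrative.
SAMPLE_POLICIES = {
    "FullAdmin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "S3Only": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
    "DenyAll": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "*:*", "Resource": "*"}]},
    "MixedList": {"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": ["s3:GetObject", "*:*"], "Resource": ["*"]}},
}

def _as_list(value):
    """Policy elements such as Action and Resource may be a string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def statement_grants_full_admin(stmt):
    """True when a single statement allows every action on every resource."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = {a.strip().lower() for a in _as_list(stmt.get("Action"))}
    resources = {r.strip() for r in _as_list(stmt.get("Resource"))}
    # "*" and "*:*" both mean all actions across all services. NotAction-based
    # statements are outside this rule and are deliberately not evaluated here.
    return bool(actions & {"*", "*:*"}) and "*" in resources

def is_full_admin_policy(policy_document):
    """Accepts a dict or a JSON string such as the Document field of get-policy-version."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # Statement may be one object rather than a list
        statements = [statements]
    return any(statement_grants_full_admin(s) for s in statements)

def find_full_admin_policies(policies):
    """Return the names of policies that fail AWS_IAM_22, in sorted order."""
    return sorted(name for name, doc in policies.items() if is_full_admin_policy(doc))

if __name__ == "__main__":
    for name in find_full_admin_policies(SAMPLE_POLICIES):
        print(f"FAIL AWS_IAM_22: policy {name} grants full '*:*' administrative privileges")
```

Policies that are service-wide ("s3:*") or Deny-only are not flagged, since the rule targets full '*:*' Allow grants only.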

References:

  1. http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
  2. http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
  3. http://docs.aws.amazon.com/cli/latest/reference/iam/index.html#cli-aws-iam

Service

IAM

Severity

High

Compliance

Mapping
