AWS_IAM_39

Ensure all IAM users have only the least required policies

Description

There should be no Amazon IAM policies (inline or customer managed) in your AWS account that allow full administrative privileges. Removing such policies promotes the principle of least privilege and gives the users, groups and roles that use these policies only the minimal amount of access required to perform their tasks.
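The check behind this rule is a search of each policy document for an Allow statement whose Action and Resource are both the wildcard "*", the shape that grants full administrative privileges. The following is an added example, not the tool's own check or AWS code: it evaluates policy documents offline against two constructed sample policies. In a real audit the documents would come from the IAM API (ListPolicies, GetPolicyVersion and the inline-policy list calls); that retrieval is omitted here, and the policy names are assumed.

```python
import json

# Constructed sample policies (not taken from the page). The first mirrors the
# shape of a full-administrator policy, the second is a scoped read-only policy.
SAMPLE_POLICIES = {
    "constructed-admin-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}
        ],
    },
    "constructed-s3-readonly-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            },
            # A Deny with wildcards is not a grant and must not be flagged.
            {"Effect": "Deny", "Action": "*", "Resource": "*"},
        ],
    },
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_grants_full_admin(statement):
    """True when the statement allows every action on every resource."""
    if statement.get("Effect") != "Allow":
        return False
    actions = _as_list(statement.get("Action"))
    resources = _as_list(statement.get("Resource"))
    return "*" in actions and "*" in resources


def find_full_admin_statements(policy_document):
    """Return the indexes of the statements in one policy that grant full admin.

    Accepts either a parsed dict or the JSON string returned by the IAM API.
    """
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = _as_list(doc.get("Statement"))
    return [i for i, s in enumerate(statements) if statement_grants_full_admin(s)]


def audit_policies(policies):
    """Map policy name -> document; return (name, statement index) findings."""
    findings = []
    for name, document in policies.items():
        for index in find_full_admin_statements(document):
            findings.append((name, index))
    return findings


if __name__ == "__main__":
    for name, index in audit_policies(SAMPLE_POLICIES):
        print(f"FINDING: policy {name!r} statement {index} grants full administrative access")
```

Running the block reports one finding, for statement 0 of the constructed admin policy; the scoped policy produces none even though it contains a wildcard Deny statement. The check is deliberately narrow: it flags the exact pattern this rule describes and does not attempt to reason about NotAction, conditions or the permissions boundary, so a policy that is broad in other ways still needs manual review.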

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to the IAM dashboard.

3. In the left navigation panel, choose Users, Roles or Groups, depending on the IAM entity that you need to select.

4. Click on the name (link) of the IAM user/group/role that you want to reconfigure.

5. Select Permissions tab and choose the customer managed policy that you want to detach. An AWS IAM customer managed policy has the Policy type set to Managed policy.

6. Click the x button to detach the overly permissive policy from the selected AWS IAM entity.

7. Within the Detach policy dialog box, review the policy attachment details, then click Detach to remove the policy from the selected user/group/role.

Service

IAM

Severity

Low

Compliance

Mapping
