AWS_IAM_39
There should be no Amazon IAM policies (inline and customer managed) that allow full administrative privileges available in your AWS account, in order to promote the principle of least privilege and provide the users, groups and roles that use these policies the minimal amount of access required to perform their tasks.
1. Sign in to the AWS Management Console.
2. Navigate to IAM dashboard.
3. In the left navigation panel, choose Users, Roles or Groups, depending on the IAM entity that you need to select.
4. Click on the name (link) of the IAM user/group/role that you want to reconfigure.
5. Select Permissions tab and choose the customer managed policy that you want to detach. An AWS IAM customer managed policy has the Policy type set to Managed policy.
6. Click the x button to detach the overly permissive policy from the selected AWS IAM entity.
7. Within Detach policy dialog box, review the policy attachment details, then click Detach to disengage the policy from the selected user/group/role.
Want to Know More?
Learn how our partners are managing their cloud security and compliance with Cloudlytics.
I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.
