Risk Level: Low
Cloud Entity: IAM SAML Identity Provider
CloudGuard Rule ID: D9.AWS.IAM.66
Category: Security, Identity, & Compliance
List<IamSAMLProvider> should have items with [id length() > 0]
Note: This remediation procedure needs to be assessed manually, and will vary based on the individual organization's implementation of identity federation and/or AWS Organizations with the acceptance criteria that no non-service IAM users, and non-root accounts, are present outside the account providing centralized IAM user management.
For multi-account AWS environments with an external identity provider:
*For multi-account AWS environments implementing AWS Organizations without an external identity provider, skip to step 5.
1. Log in to the master account for identity federation or IAM user management
2. Go to 'IAM'
3. In the menu, under 'Access management', choose 'Identity providers'
4. Verify the configurations
5. Determine all accounts that should not have local users present and switch role into each identified account
6. Go to 'IAM'
7. In the menu, under 'Access management', choose 'Users'
8. Confirm that no IAM users representing individuals are present
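The procedure above can be automated for large estates. The following is an added example (not CloudGuard or AWS code) that evaluates the rule's condition, at least one IAM SAML provider with a non-empty id, and then applies the manual follow-up check that member accounts hold no human IAM users. It assumes the GSL `id` corresponds to the provider ARN, that service users follow a naming convention (the constructed prefix `svc-`), and that member accounts expose an assumable role (here `OrganizationAccountAccessRole`).

```python
"""Evaluate D9.AWS.IAM.66 plus the manual member-account check (added example).
Assumptions: provider `id` == ARN, service users start with "svc-", and member
accounts expose the role "OrganizationAccountAccessRole" for switch-role access."""


def saml_provider_configured(providers):
    """Rule logic: List<IamSAMLProvider> should have items with id length() > 0."""
    return any(p.get("Arn", "") for p in providers)


def human_iam_users(users, service_prefixes=("svc-",)):
    """Names of IAM users that do not match the (assumed) service-account convention."""
    return sorted(u["UserName"] for u in users
                  if not u["UserName"].startswith(service_prefixes))


def audit(hub_providers, member_users_by_account):
    """Return a list of findings; an empty list means the environment passes."""
    findings = []
    if not saml_provider_configured(hub_providers):
        findings.append("hub: no IAM SAML identity provider configured")
    for account_id, users in member_users_by_account.items():
        humans = human_iam_users(users)
        if humans:
            findings.append(f"{account_id}: local IAM users present: {', '.join(humans)}")
    return findings


# Live collection (needs boto3 and credentials; imported lazily so the logic runs offline).
def member_session(account_id, role="OrganizationAccountAccessRole"):
    import boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role}",
        RoleSessionName="iam66-audit")["Credentials"]
    return boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                         aws_secret_access_key=creds["SecretAccessKey"],
                         aws_session_token=creds["SessionToken"])


def list_users(session):
    pages = session.client("iam").get_paginator("list_users").paginate()
    return [u for page in pages for u in page["Users"]]


def list_saml_providers(session):
    return session.client("iam").list_saml_providers()["SAMLProviderList"]


# Constructed sample data standing in for the API responses.
SAMPLE_PROVIDERS = [{"Arn": "arn:aws:iam::111111111111:saml-provider/corp-idp"}]
SAMPLE_MEMBERS = {
    "222222222222": [{"UserName": "svc-backup"}],                      # passes
    "333333333333": [{"UserName": "alice"}, {"UserName": "svc-ci"}],   # fails
}

if __name__ == "__main__":
    for line in audit(SAMPLE_PROVIDERS, SAMPLE_MEMBERS):
        print(line)
```

Run against live data by replacing the sample dictionaries with `list_saml_providers()` on the hub session and `list_users(member_session(account_id))` for each member account.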
An IAM SAML 2.0 identity provider is an entity in IAM that describes an external identity provider (IdP) service that supports the SAML 2.0 (Security Assertion Markup Language 2.0) standard. You use an IAM identity provider when you want to establish trust between a SAML-compatible IdP such as Shibboleth or Active Directory Federation Services and AWS, so that users in your organization can access AWS resources. IAM SAML identity providers are used as principals in an IAM trust policy.
- AWS CIS Foundations v. 1.3.0
- AWS CIS Foundations v. 1.4.0
- AWS CIS Foundations v. 1.5.0
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST v11.0.0
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
Updated 6 months ago