Risk Level: Low
Cloud Entity: IAM Policy
CloudGuard Rule ID: D9.AWS.IAM.82
Category: Security, Identity, & Compliance
IamPolicy where not arn regexMatch /aws:policy/ should have attachmentCount>0
To remove an unused customer-managed IAM policy:
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the left navigation pane, click Policies.
- Filter for policies where Type = 'Customer managed' and Attached entities = 0 (AWS managed policies, whose ARNs contain aws:policy/, cannot be deleted and are out of scope for this rule).
- For each such policy:
- Select the policy.
- Click Actions.
- Click Delete and confirm.
From Command Line
To remove the specified managed policy, run:
aws iam delete-policy --policy-arn POLICY-ARN
Note that the API refuses to delete a policy that is still attached to any user, group or role, or that still has non-default versions: detach it first, and delete each non-default version with aws iam delete-policy-version before running delete-policy. Re-check the attachment count immediately before deleting, since the inventory the rule evaluated may be stale.
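The following is an added example (not CloudGuard's or AWS's code) that implements the rule's selection logic over the output of aws iam list-policies and then deletes a selected policy in the order the API requires: non-default versions first, then the policy itself. The sample policy list, the version list and the FakeIam stand-in for a boto3 client are constructed for this example; the names OldDeployPolicy and CiRunnerPolicy and the account 123456789012 are placeholders. The real-run block at the bottom uses the boto3 IAM client and needs credentials.

```python
import re

# Same pattern as the rule: AWS managed policies live under arn:aws:iam::aws:policy/
AWS_MANAGED = re.compile(r"aws:policy/")

# Constructed sample, shaped like `aws iam list-policies --scope All` output.
SAMPLE_LIST_POLICIES = {
    "Policies": [
        {"PolicyName": "OldDeployPolicy",
         "Arn": "arn:aws:iam::123456789012:policy/OldDeployPolicy",
         "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "DefaultVersionId": "v3"},
        {"PolicyName": "CiRunnerPolicy",
         "Arn": "arn:aws:iam::123456789012:policy/CiRunnerPolicy",
         "AttachmentCount": 2, "PermissionsBoundaryUsageCount": 0, "DefaultVersionId": "v1"},
        {"PolicyName": "ReadOnlyAccess",
         "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
         "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "DefaultVersionId": "v1"},
    ]
}

# Constructed sample, shaped like `aws iam list-policy-versions` output per ARN.
SAMPLE_VERSIONS = {
    "arn:aws:iam::123456789012:policy/OldDeployPolicy": [
        {"VersionId": "v3", "IsDefaultVersion": True},
        {"VersionId": "v2", "IsDefaultVersion": False},
        {"VersionId": "v1", "IsDefaultVersion": False},
    ],
    "arn:aws:iam::123456789012:policy/CiRunnerPolicy": [
        {"VersionId": "v1", "IsDefaultVersion": True},
    ],
}


def unused_customer_managed(policies):
    """Rule logic: ARN does not match aws:policy/ and attachmentCount == 0.
    `policies` is the "Policies" list from iam list-policies; returns ARNs."""
    return [p["Arn"] for p in policies
            if not AWS_MANAGED.search(p["Arn"]) and p.get("AttachmentCount", 0) == 0]


def delete_policy_and_versions(iam, arn, dry_run=True):
    """Delete a managed policy the way the IAM API requires.
    Returns the list of actions taken (or, with dry_run, that would be taken)."""
    # Re-read the policy: the inventory that flagged it may be stale.
    pol = iam.get_policy(PolicyArn=arn)["Policy"]
    if pol.get("AttachmentCount", 0) > 0:
        raise RuntimeError(f"{arn} is attached to {pol['AttachmentCount']} entities; refusing")
    # A policy used as a permissions boundary is still in use even though
    # AttachmentCount is 0; treat that as in-scope for a human, not a script.
    if pol.get("PermissionsBoundaryUsageCount", 0) > 0:
        raise RuntimeError(f"{arn} is in use as a permissions boundary; refusing")
    actions = []
    # Non-default versions must go before the policy can be deleted.
    for v in iam.list_policy_versions(PolicyArn=arn)["Versions"]:
        if not v["IsDefaultVersion"]:
            actions.append(f"delete-policy-version {arn} {v['VersionId']}")
            if not dry_run:
                iam.delete_policy_version(PolicyArn=arn, VersionId=v["VersionId"])
    actions.append(f"delete-policy {arn}")
    if not dry_run:
        iam.delete_policy(PolicyArn=arn)
    return actions


class FakeIam:
    """Constructed stand-in for a boto3 IAM client so the example runs offline.
    Records the mutating calls it receives in `calls`."""
    def __init__(self, policies, versions):
        self.policies = {p["Arn"]: p for p in policies}
        self.versions = versions
        self.calls = []

    def get_policy(self, PolicyArn):
        return {"Policy": self.policies[PolicyArn]}

    def list_policy_versions(self, PolicyArn):
        return {"Versions": self.versions[PolicyArn]}

    def delete_policy_version(self, PolicyArn, VersionId):
        self.calls.append(("delete_policy_version", PolicyArn, VersionId))

    def delete_policy(self, PolicyArn):
        self.calls.append(("delete_policy", PolicyArn))


if __name__ == "__main__":
    # Real run (needs AWS credentials): list customer-managed policies and
    # print what would be deleted. Pass dry_run=False to actually delete.
    import boto3
    iam = boto3.client("iam")
    pages = iam.get_paginator("list_policies").paginate(Scope="Local")
    policies = [p for page in pages for p in page["Policies"]]
    for arn in unused_customer_managed(policies):
        for action in delete_policy_and_versions(iam, arn, dry_run=True):
            print(action)
```

Run it once with the default dry_run=True and review the printed actions before deleting anything; a policy with zero attachments may still be referenced by infrastructure-as-code that will recreate it, which is a reason to delete it there first.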
You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents.
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST v11.0.0
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS PCI-DSS 4.0