Ensure IAM User do not have administrator privileges
Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions
Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.89
Category: Security, Identity, & Compliance
GSL LOGIC
IamUser should not have combinedPolicies with [ name like 'AdministratorAccess' ]
REMEDIATION
From Portal
- Go to 'IAM'
- In the menu, under 'Access management', choose 'User'
- Select the incompliant users
- Click on 'X' next to 'AdministratorAccess' group
- Click 'Remove from group'
From Command Line
To remove the specified managed policy from a specified user, run:
aws iam detach-user-policy --user-name USER-NAME --policy-arn POLICY-ARN
References
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_add-remove-users.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_access-management.html
IAM User
An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST v11.0.0
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS PCI-DSS 4.0
- AWS Security Risk Management
Updated over 1 year ago