top of page
IAM.2
IAM users should not have IAM policies attached
Severity
Cloud Platforms
Resources
Related Standards
Automated
LOW
AWS
AWS Identity and Access Management
AWS CIS Foundations v1.2, AWS Foundational Best Practice, AWS Well-Architected, PCI DSS v3.2.1, ISO27001, SOC2, NIST CSF, NIST.800-53.r5,
YES
This AWS control checks that none of your IAM users have policies attached. Instead; IAM users must inherit permissions from IAM groups or roles.
bottom of page