top of page

IAM.2

IAM users should not have IAM policies attached

Severity

Cloud Platforms

Resources

Related Standards

Automated

LOW

AWS

AWS Identity and Access Management

AWS CIS Foundations v1.2, AWS Foundational Best Practice, AWS Well-Architected, PCI DSS v3.2.1, ISO27001, SOC2, NIST CSF, NIST.800-53.r5,

YES

This AWS control checks that none of your IAM users have policies attached. Instead; IAM users must inherit permissions from IAM groups or roles.

bottom of page