AWS-IAM-No-User-IAM-Policies
Severity: Medium
Description: This control ensures that no managed policies are attached directly to IAM users. Attaching managed policies directly to an IAM user adds another layer that must be monitored for permission misconfiguration. Assigning permissions through groups is recommended because permission assignment is unified in a single layer and the chance of excessive permission assignment is reduced.
Remediation Steps:
Perform the following to update the IAM policy for an IAM user:
Log in to the AWS Management Console at https://console.aws.amazon.com.
Navigate to the IAM console.
In the left pane, click Users.
Click on the user to remediate.
Under the Permissions tab, in the Permission Policies section,
Click the X button for each managed policy to remove the policy.
Click Detach.
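An audit-side complement to the console steps, added here as an example (it is not part of the original control text or the vendor's tooling): it reads JSON in the shape returned by `aws iam get-account-authorization-details --filter User`, lists users with directly attached managed policies, and builds the matching `aws iam detach-user-policy` commands for review. The sample data, account ID and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample in the shape of
# `aws iam get-account-authorization-details --filter User` (not real account data).
SAMPLE = json.loads("""
{"UserDetailList": [
  {"UserName": "alice", "GroupList": ["Developers"], "AttachedManagedPolicies": []},
  {"UserName": "bob", "GroupList": [], "AttachedManagedPolicies": [
    {"PolicyName": "AmazonS3FullAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
    {"PolicyName": "ExampleCustom",
     "PolicyArn": "arn:aws:iam::111122223333:policy/ExampleCustom"}]},
  {"UserName": "ci-deploy", "GroupList": ["Deployers"], "AttachedManagedPolicies": [
    {"PolicyName": "ReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
]}
""")

def find_violations(details):
    """Map each user name to the managed policy ARNs attached directly to it."""
    violations = {}
    for user in details.get("UserDetailList", []):
        arns = [p["PolicyArn"] for p in user.get("AttachedManagedPolicies", [])]
        if arns:
            violations[user["UserName"]] = sorted(arns)
    return violations

def users_without_groups(details, violations):
    """Flagged users in no group: add them to a group before detaching."""
    return sorted(u["UserName"] for u in details.get("UserDetailList", [])
                  if u["UserName"] in violations and not u.get("GroupList"))

def detach_commands(violations):
    """Build one detach command per (user, policy) pair for an operator to review."""
    return [f"aws iam detach-user-policy --user-name {shlex.quote(user)} "
            f"--policy-arn {shlex.quote(arn)}"
            for user in sorted(violations) for arn in violations[user]]

if __name__ == "__main__":
    found = find_violations(SAMPLE)
    for name in users_without_groups(SAMPLE, found):
        print(f"# {name} is in no group; assign a group first")
    print("\n".join(detach_commands(found)))
```

To check a real account, replace `SAMPLE` with the parsed output of the CLI call named above.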
Important:
Reference:
CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.15 (check 2)
Adding and removing IAM identity permissions - AWS Identity and Access Management
Blue Hexagon Proprietary