AWS-IAM-No-User-IAM-Policies

Severity: Medium

Description: This control ensures that no managed policies are attached to IAM Users directly. Use of managed policies directly with IAM user add another layer to be monitored for permission misconfiguration. Assigning permissions through groups is recommended as permission assignment is unified to single layer and chances of excessive permission assignment is reduced.

Remediation Steps:

Perform following to update IAM policy for IAM user :

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to IAM console.

3. On the Left Pane, click on Users.

4. Click on the user to remediate.

5. Under Permissions tab, in Permission Policies section,

6. Click on X button for each Managed policy to remove the policy.

7. Click Detach.

Important:

Reference:

• CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.15 (check 2)

• https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#inline-policies

• https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html