AWS-IAM-Admin-Privilege-Managed-Policy

Severity: Medium

Description: This control ensures that no IAM group, role, or user is assigned the deprecated AmazonElasticTranscoderFullAccess policy. To avoid security risks, deprecated AWS managed policies must not be used for any group, role, or user. The deprecated AmazonElasticTranscoderFullAccess policy grants the iam:PutRolePolicy permission, which can be used to attach admin permissions to other groups and users. It is recommended to review where the deprecated policy is in use and to remove it or replace it with the new, improved policies.

Remediation Steps:

Perform the following to replace the deprecated AWS managed IAM policy:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the IAM console.

  3. In the navigation pane, choose User groups, Users, or Roles, depending on the entity reported.

  4. Select the reported user group, role, or user from the list.

  5. Choose Permissions, and then choose X for AmazonElasticTranscoderFullAccess to delete the policy.

  6. Select Attach Policies to replace the removed policy.

  7. Under Attach Permission, find the AWS managed AmazonElasticTranscoder_FullAccess policy and select the checkbox in front of the policy.

  8. Choose Attach Policy.
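
The same replacement can be scripted when many entities are reported. The following is an added example, not part of the original control text, written against the boto3 IAM client. It assumes both policy ARNs use the standard AWS managed policy path and defaults to a dry run that only returns the planned changes.

```python
"""Replace the deprecated AmazonElasticTranscoderFullAccess attachment (added example)."""

# Assumption: both AWS managed policies use the standard arn:aws:iam::aws:policy/ path.
DEPRECATED_ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess"
REPLACEMENT_ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess"

# list_entities_for_policy response key -> (entity kind, name field in each entry)
ENTITY_KINDS = {
    "PolicyGroups": ("group", "GroupName"),
    "PolicyUsers": ("user", "UserName"),
    "PolicyRoles": ("role", "RoleName"),
}


def find_attachments(iam):
    """Return sorted (kind, name) pairs that still have the deprecated policy attached."""
    found = []
    paginator = iam.get_paginator("list_entities_for_policy")
    for page in paginator.paginate(PolicyArn=DEPRECATED_ARN):
        for key, (kind, name_field) in ENTITY_KINDS.items():
            found += [(kind, entry[name_field]) for entry in page.get(key, [])]
    return sorted(found)


def remediate(iam, dry_run=True):
    """Detach the deprecated policy, then attach the replacement (steps 5 to 8).

    Returns the list of (action, kind, name) operations. With dry_run=True
    nothing is changed and the list is only the plan.
    """
    plan = []
    for kind, name in find_attachments(iam):
        name_arg = {f"{kind.capitalize()}Name": name}  # GroupName / UserName / RoleName
        for action, arn in (("detach", DEPRECATED_ARN), ("attach", REPLACEMENT_ARN)):
            plan.append((action, kind, name))
            if not dry_run:
                # Resolves to e.g. iam.detach_role_policy(RoleName=..., PolicyArn=...)
                getattr(iam, f"{action}_{kind}_policy")(PolicyArn=arn, **name_arg)
    return plan


if __name__ == "__main__":
    import boto3  # needs credentials allowed to list, attach and detach policies

    for step in remediate(boto3.client("iam"), dry_run=True):
        print(*step)
```

Review the dry-run output first, then call `remediate(..., dry_run=False)` to apply the changes.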


Blue Hexagon Proprietary