AWS-IAM-Known-Bad-Policy

Severity : Critical

Description: This control ensures that IAM policies in the account follow the latest policy format and contain only valid statements. Older policies may contain statements or formatting that have been discontinued or that produce errors or warnings, including references to an unrecognized service, action or resource type. Security best practice is to update or remove such bad policies and replace them with correctly formatted ones.

Remediation Steps:

Perform the following to update an IAM policy for an IAM user:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to IAM console.

  3. In the navigation pane, choose Policies.

  4. Select the check box next to the reported customer managed policy, or use the Filter menu and the search box to narrow the list of policies. The policy may show a warning symbol because of an unrecognized service, action or resource type.

  5. Choose the Permissions tab, and then choose Edit policy.

  6. Edit the policy to resolve each warning shown in the summary.

  7. Choose Review Policy.

  8. Choose Save changes on the review page.
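As an added example (not part of this control's documentation), the following local pre-check scans an IAM policy document for the problem classes the description names: an outdated or invalid Version, statements missing required elements, and actions whose service prefix is not recognized. The service-prefix set and the sample policy are constructed for the example.

```python
import json

# Constructed sample of service prefixes so the check runs offline; a real
# run would use the full list from the AWS Service Authorization Reference.
KNOWN_SERVICE_PREFIXES = {"s3", "ec2", "iam", "sts", "kms", "logs", "cloudwatch"}
# IAM accepts only these two policy language versions; 2012-10-17 is current.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
CURRENT_VERSION = "2012-10-17"


def _as_list(value):
    """IAM allows a string or a list in most elements; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def find_policy_issues(policy, known_prefixes=KNOWN_SERVICE_PREFIXES):
    """Return findings for the problem classes the control describes: an
    outdated or invalid Version, statements missing required elements, and
    actions whose service prefix is not recognised."""
    issues = []
    version = policy.get("Version")
    if version not in VALID_VERSIONS:
        issues.append(f"invalid Version {version!r}")
    elif version != CURRENT_VERSION:
        issues.append(f"outdated Version {version!r}; use {CURRENT_VERSION}")
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement#{idx}")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            issues.append(f"{sid}: Effect must be Allow or Deny")
        if not (("Action" in stmt) ^ ("NotAction" in stmt)):
            issues.append(f"{sid}: exactly one of Action/NotAction required")
        if not (("Resource" in stmt) ^ ("NotResource" in stmt)):
            issues.append(f"{sid}: exactly one of Resource/NotResource required")
        for action in _as_list(stmt.get("Action")) + _as_list(stmt.get("NotAction")):
            prefix, sep, _ = action.partition(":")
            if action != "*" and (not sep or prefix.lower() not in known_prefixes):
                issues.append(f"{sid}: unrecognized service in action {action!r}")
    return issues


# Constructed example of a policy that would carry a warning in the console:
# old Version, an action for a made-up service, and a statement with no Resource.
BAD_POLICY = json.loads("""{
  "Version": "2008-10-17",
  "Statement": [
    {"Sid": "OldService", "Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "legacysvc:DoThing"], "Resource": "*"},
    {"Sid": "NoResource", "Effect": "Allow", "Action": "s3:GetObject"}
  ]
}""")
```

For an authoritative result, submit the same document to IAM Access Analyzer's ValidatePolicy API (`aws accessanalyzer validate-policy`), which returns findings with issue codes for these and many more cases.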

Important:

Reference:

Blue Hexagon Proprietary