AWS-IAM-IAM-Role-Last-Used

Severity : Medium

Description: This control ensures that all IAM roles have been used recently and that no role has gone unused for more than 90 days. Removing unused roles improves the security posture of the AWS environment. Additionally, removing unused roles simplifies monitoring and auditing by focusing effort only on roles that are in use. Unused roles may also carry access policies that would allow a malicious actor unintended access to resources.

Remediation Steps:

Perform the following steps in the IAM console to remove the reported roles:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to IAM console.

  3. On the Left Pane, click on Roles.

  4. Check the checkbox of roles reported.

  5. Select Delete. In the confirmation dialog box, under Confirm deletion, enter the name of the role.

  6. Select Delete.

Important:

  • Any application or user that attempts to use the deleted role will fail.
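As an added illustration, not part of the Blue Hexagon control or its implementation, the following Python script applies the 90-day rule from the description to IAM GetRole output so the reported roles can be reviewed before Step 5 deletes them. The role names are constructed sample data and the optional boto3 client is assumed; the script runs offline against the embedded sample.

```python
from datetime import datetime, timedelta, timezone

MAX_IDLE_DAYS = 90  # threshold stated in the control description

def find_unused_roles(roles, now, max_idle_days=MAX_IDLE_DAYS):
    """Return (RoleName, reason) pairs for roles idle longer than max_idle_days.

    Each role is a dict shaped like the Role object from IAM GetRole: it has
    CreateDate and a RoleLastUsed dict whose LastUsedDate is absent when the
    role has never been used within AWS's tracking period."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for role in roles:
        # Service-linked roles are managed by AWS; do not flag them for deletion.
        if role.get("Path", "/").startswith("/aws-service-role/"):
            continue
        last_used = role.get("RoleLastUsed", {}).get("LastUsedDate")
        if last_used is None:
            # Never used: measure from creation so a brand-new role is not flagged.
            if role["CreateDate"] < cutoff:
                findings.append((role["RoleName"], "never used since creation"))
        elif last_used < cutoff:
            findings.append((role["RoleName"], f"last used {(now - last_used).days} days ago"))
    return findings

def fetch_roles(iam):
    """Gather GetRole output for every role; ListRoles omits RoleLastUsed."""
    roles = []
    for page in iam.get_paginator("list_roles").paginate():
        for summary in page["Roles"]:
            roles.append(iam.get_role(RoleName=summary["RoleName"])["Role"])
    return roles

# Constructed sample data standing in for GetRole responses (not real roles).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_ROLES = [
    {"RoleName": "app-prod", "CreateDate": NOW - timedelta(days=400),
     "RoleLastUsed": {"LastUsedDate": NOW - timedelta(days=3)}},
    {"RoleName": "legacy-batch", "CreateDate": NOW - timedelta(days=400),
     "RoleLastUsed": {"LastUsedDate": NOW - timedelta(days=120)}},
    {"RoleName": "new-role", "CreateDate": NOW - timedelta(days=5), "RoleLastUsed": {}},
    {"RoleName": "forgotten", "CreateDate": NOW - timedelta(days=200), "RoleLastUsed": {}},
    {"RoleName": "AWSServiceRoleForSupport", "Path": "/aws-service-role/support.amazonaws.com/",
     "CreateDate": NOW - timedelta(days=400), "RoleLastUsed": {}},
]

if __name__ == "__main__":  # offline run over the constructed sample
    for name, reason in find_unused_roles(SAMPLE_ROLES, NOW):
        print(f"{name}: {reason}")
```

To check a live account, replace SAMPLE_ROLES with fetch_roles(boto3.client("iam")) and keep NOW as datetime.now(timezone.utc); GetRole returns timezone-aware datetimes, so the comparison stays valid.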

Reference:

 


Blue Hexagon Proprietary