AWS-IAM-IAM-User-Unauthorized-to-Edit

Severity : High

Description: This control verifies that IAM users are not authorized to edit IAM policies and decommissions any such authorization in order to protect against unapproved access. Allowing unauthorized IAM users to edit access policies can lead to security breaches. To prevent unauthorized requests to edit IAM access policies, access to these actions must be restricted to trusted IAM users only. If it is not, any IAM user with permission to edit IAM access policies is a security risk.

Remediation Steps:

Perform the following to update the IAM policy for an IAM user:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the IAM console.

  3. In the navigation pane, click Users.

  4. Click the name of the IAM user whose access permission you need to remove.

  5. On the IAM user configuration page, select the Permissions tab.

  6. Find the access policy that grants the user these permissions and click the X next to the policy to remove it.

  7. Click Remove to confirm the removal.
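Before working through the console steps above, a reviewer usually needs to know which attached or inline policies actually grant policy-editing rights. The following script is an added example (not Blue Hexagon's tooling and not an AWS API) that evaluates an IAM policy document offline and lists the policy-editing actions it allows. The action list is an assumed subset of the IAM actions that create, change or attach policies, and the sample documents are constructed for illustration; explicit Deny wins over Allow as in IAM evaluation, `NotAction` statements are expanded conservatively, and Resource/Condition scoping is deliberately ignored so that scoped grants are still surfaced for review.

```python
"""Flag IAM policy documents that allow a principal to edit IAM policies.

Added example: not Blue Hexagon's own tooling. POLICY_EDIT_ACTIONS is an
assumed subset of the IAM actions that create, change or attach policies.
"""
import fnmatch
import json

# Assumed list of IAM actions that create, change or attach access policies.
POLICY_EDIT_ACTIONS = (
    "iam:CreatePolicy",
    "iam:CreatePolicyVersion",
    "iam:DeletePolicy",
    "iam:DeletePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:PutUserPolicy",
    "iam:PutGroupPolicy",
    "iam:PutRolePolicy",
    "iam:AttachUserPolicy",
    "iam:AttachGroupPolicy",
    "iam:AttachRolePolicy",
    "iam:DetachUserPolicy",
    "iam:DetachGroupPolicy",
    "iam:DetachRolePolicy",
)


def _as_list(value):
    """IAM lets most elements be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action patterns are case-insensitive and use * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def policy_edit_grants(policy_doc):
    """Return the sorted policy-editing actions the document allows.

    An action counts as allowed when an Allow statement covers it and no Deny
    statement covers it (explicit deny wins). Resource and Condition elements
    are ignored on purpose: a scoped grant still needs review.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy_doc.get("Statement")):
        target = allowed if stmt.get("Effect") == "Allow" else denied
        actions = _as_list(stmt.get("Action"))
        not_actions = _as_list(stmt.get("NotAction"))
        for action in POLICY_EDIT_ACTIONS:
            if actions and any(_matches(p, action) for p in actions):
                target.add(action)
            # NotAction covers every action NOT listed, so treat it as a grant
            # (or deny) of each edit action that none of its patterns match.
            elif not_actions and not any(_matches(p, action) for p in not_actions):
                target.add(action)
    return sorted(allowed - denied)


def load_policy(text):
    """Parse a policy document JSON string, e.g. the Document field returned
    by the AWS CLI (a real CLI output shape; the call itself is not made here)."""
    return json.loads(text)


# Constructed sample documents (not taken from any real account).
ADMIN_LIKE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}]}

# Broad iam:* allow with a partial deny: some edit actions still get through.
SCOPED_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["iam:Put*Policy", "iam:Attach*Policy", "iam:CreatePolicy*"],
     "Resource": "*"}]}


def main():
    for name, doc in (("admin-like", ADMIN_LIKE), ("read-only", READ_ONLY),
                      ("scoped-deny", SCOPED_DENY)):
        grants = policy_edit_grants(doc)
        verdict = "REVIEW" if grants else "ok"
        print(f"{name}: {verdict} {grants}")


if __name__ == "__main__":
    main()
```

To apply the check to a real account, pass the `Document` field from `aws iam get-policy-version` (for managed policies) or the `PolicyDocument` field from `aws iam get-user-policy` (for inline policies) through `load_policy` and then `policy_edit_grants`; any user whose policies yield a non-empty list is a candidate for step 4 onward. Note that the script does not follow group membership or permission boundaries, so group-attached policies must be collected and checked separately.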

Important:

Reference:

Blue Hexagon Proprietary