AWS-IAM-Admin-Group-Without-Admin-Name
Severity : Medium
Description: This control ensures that an IAM group holding Administrator permissions has the group name Administrator and contains a user named Administrator. As a best practice, it is recommended to create an IAM user and an administrator group named Administrator to perform tasks that require the AdministratorAccess permission, instead of using the root user account.
Remediation Steps:
Perform the following to create an IAM administrator group and move users from the old group:
Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.
Navigate to the IAM console.
Enable access to billing data for the IAM admin user:
On the navigation bar, choose your account name, and then choose My Account.
Next to IAM User and Role Access to Billing Information, choose Edit.
Select Activate IAM Access and choose Update.
On the navigation bar, choose Services, then IAM, to return to the IAM console.
In the navigation pane, choose Users, and then choose Add user.
On the Details page:
For User name, enter Administrator.
Select AWS Management Console access, select Custom password, and then enter a new password.
Choose Next: Permissions.
On the Permissions page:
Choose Add user to group.
Choose Create group.
In the Create group dialog, for Group name, enter Administrators.
In the policy list, select the checkbox for AdministratorAccess.
Choose Create group.
Choose Next: Tags.
Choose Next: Review and then choose Create user.
Add other users to the new Administrator group if needed:
In the navigation pane, select Groups, then select the new Administrator group.
Choose Add users, and select the checkbox for each user to add to the group.
Choose Add Users.
Delete the old admin group:
In the navigation pane, select Groups, then select the old group.
Choose Delete.
Type the user group name and choose Delete.
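The check this control performs can be scripted for auditing. The following is an added example, not Blue Hexagon's own detection code: it flags IAM groups that carry the AdministratorAccess managed policy but are not named Administrators, an Administrators group that lacks a user named Administrator, and the absence of any such group. The audit function runs over constructed sample data; the `collect_groups` helper shows how the same structure would be gathered from a live account with a boto3 IAM client (boto3 is assumed installed only if you call it). Inline (non-managed) policies are not inspected.

```python
# Audit logic for the AWS-IAM-Admin-Group-Without-Admin-Name control, run offline over constructed data.
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
EXPECTED_GROUP = "Administrators"
EXPECTED_USER = "Administrator"


def audit_admin_groups(groups):
    """Return (group_name, finding_code) tuples for groups that violate the control.

    Each entry of `groups` is a dict with keys GroupName, AttachedPolicies (list of
    managed-policy ARNs) and Users (list of user names), the shape collect_groups() builds.
    """
    findings = []
    expected_group_seen = False
    for g in groups:
        if ADMIN_POLICY_ARN not in g.get("AttachedPolicies", []):
            continue  # no AdministratorAccess attached: out of scope for this control
        if g["GroupName"] != EXPECTED_GROUP:
            findings.append((g["GroupName"], "ADMIN_GROUP_WRONG_NAME"))
            continue
        expected_group_seen = True
        if EXPECTED_USER not in g.get("Users", []):
            findings.append((g["GroupName"], "ADMIN_USER_MISSING"))
    if not expected_group_seen:
        findings.append((EXPECTED_GROUP, "ADMIN_GROUP_MISSING"))
    return findings


def collect_groups(iam):
    """Build the same structure from a live account via a boto3 IAM client (assumed available)."""
    groups = []
    for page in iam.get_paginator("list_groups").paginate():
        for g in page["Groups"]:
            name = g["GroupName"]
            arns = [p["PolicyArn"]
                    for p_page in iam.get_paginator("list_attached_group_policies").paginate(GroupName=name)
                    for p in p_page["AttachedPolicies"]]
            users = [u["UserName"] for u in iam.get_group(GroupName=name)["Users"]]
            groups.append({"GroupName": name, "AttachedPolicies": arns, "Users": users})
    return groups


# Constructed sample: one compliant group, one admin group with a non-standard name, one non-admin group.
SAMPLE_GROUPS = [
    {"GroupName": "Administrators", "AttachedPolicies": [ADMIN_POLICY_ARN], "Users": ["Administrator"]},
    {"GroupName": "ops-admins", "AttachedPolicies": [ADMIN_POLICY_ARN], "Users": ["alice"]},
    {"GroupName": "readonly", "AttachedPolicies": ["arn:aws:iam::aws:policy/ReadOnlyAccess"], "Users": ["bob"]},
]

if __name__ == "__main__":
    for group, code in audit_admin_groups(SAMPLE_GROUPS):
        print(f"{code}: {group}")
```

To run against a real account, pass `collect_groups(boto3.client("iam"))` to `audit_admin_groups` using credentials that hold read-only IAM permissions.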
Important:
Reference:
Blue Hexagon Proprietary