Ensure IAM Users Receive Permissions Only Through Groups
Rating | 🐑 - Low |
---|---|
Description
IAM users should receive their permissions through group membership rather than through policies attached to the user.
Vulnerability
Attaching policies directly to user accounts obscures the access a user actually has and can result in permission creep.
Remediation
Create IAM groups for each job function, and add the users to the groups.
References
- AWS CIS v.1.4.0 - 1.15
- AWS CIS v.1.2.0 - 1.16