A Config rule that checks that none of your IAM users, groups, or roles (excluding those listed in exceptionList) have the specified policies attached.

This config rule supports the following parameters:

  • policyArns
    • Required: Yes
    • Type: CSV
    • Description: Comma-separated list of IAM policy ARNs which should not be attached to any IAM entity.
    • Default Value: arn:aws:iam::aws:policy/AdministratorAccess
  • exceptionList
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of resource types, each paired with a semicolon-separated list of resource names (for example, users:[user1;user2], groups:[group1;group2], roles:[role1;role2;role3]).
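
The following is an added Python example, not the rule's own Lambda code: it parses the two parameters in the formats described above and evaluates a constructed IAM inventory the way this rule's compliance check would. The inventory layout, the function names and the sample user, group, role and attachment names are assumptions made for illustration; a real rule would obtain the attached policies from the IAM API and report each result through AWS Config.

```python
import re
from typing import Dict, List, Set

# policyArns parameter: comma-separated list of IAM policy ARNs that must not
# be attached to any IAM entity.
def parse_policy_arns(value: str) -> Set[str]:
    return {item.strip() for item in value.split(",") if item.strip()}

# exceptionList parameter, e.g.
#   "users:[user1;user2], groups:[group1;group2], roles:[role1;role2;role3]"
# Each resource type is followed by a bracketed, semicolon-separated list of
# names; resource types may appear in any order and any of them may be absent.
EXCEPTION_RE = re.compile(r"\s*(users|groups|roles)\s*:\s*\[([^\]]*)\]")

def parse_exception_list(value: str) -> Dict[str, Set[str]]:
    exceptions: Dict[str, Set[str]] = {"users": set(), "groups": set(), "roles": set()}
    if not value:
        return exceptions
    for match in EXCEPTION_RE.finditer(value):
        kind, names = match.group(1), match.group(2)
        exceptions[kind].update(n.strip() for n in names.split(";") if n.strip())
    return exceptions

# Compliance of one IAM entity. Entities on the exception list are reported as
# NOT_APPLICABLE (a design choice for this example) so they neither pass nor
# fail; everything else fails if any forbidden policy is attached to it.
def evaluate_entity(kind: str, name: str, attached_policy_arns: List[str],
                    forbidden: Set[str], exceptions: Dict[str, Set[str]]) -> str:
    if name in exceptions.get(kind, set()):
        return "NOT_APPLICABLE"
    offending = forbidden & set(attached_policy_arns)
    return "NON_COMPLIANT" if offending else "COMPLIANT"

# Evaluate a whole inventory. Each entity is a dict with "kind" (users/groups/
# roles), "name" and "policies" (list of attached managed-policy ARNs). This
# inventory shape is an assumption of the example, not an AWS data structure.
def evaluate_all(entities: List[dict], policy_arns_param: str,
                 exception_list_param: str) -> Dict[tuple, str]:
    forbidden = parse_policy_arns(policy_arns_param)
    exceptions = parse_exception_list(exception_list_param)
    return {
        (e["kind"], e["name"]): evaluate_entity(
            e["kind"], e["name"], e["policies"], forbidden, exceptions)
        for e in entities
    }

# Constructed sample parameters and inventory (made-up names, not a real account).
POLICY_ARNS_PARAM = ("arn:aws:iam::aws:policy/AdministratorAccess,"
                     "arn:aws:iam::aws:policy/PowerUserAccess")
EXCEPTION_LIST_PARAM = "users:[break-glass-admin], roles:[OrgAdminRole]"

SAMPLE_ENTITIES = [
    {"kind": "users", "name": "alice",
     "policies": ["arn:aws:iam::aws:policy/AdministratorAccess"]},
    {"kind": "users", "name": "break-glass-admin",
     "policies": ["arn:aws:iam::aws:policy/AdministratorAccess"]},
    {"kind": "groups", "name": "developers",
     "policies": ["arn:aws:iam::aws:policy/ReadOnlyAccess"]},
    {"kind": "groups", "name": "ops",
     "policies": ["arn:aws:iam::aws:policy/PowerUserAccess"]},
    {"kind": "roles", "name": "OrgAdminRole",
     "policies": ["arn:aws:iam::aws:policy/AdministratorAccess"]},
    {"kind": "roles", "name": "lambda-exec",
     "policies": []},
]

if __name__ == "__main__":
    for (kind, name), status in evaluate_all(
            SAMPLE_ENTITIES, POLICY_ARNS_PARAM, EXCEPTION_LIST_PARAM).items():
        print(f"{kind}/{name}: {status}")
```

Note that the exception is keyed on the entity name within its resource type, so a user and a role that share a name are exempted independently, and an unknown resource type in the parameter is simply ignored rather than treated as an error.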

CloudFormation Template