IAM Groups Rule: Ensure at Least One User

This rule ensures that IAM groups have at least one user assigned to them.

Rule: IAM groups should have at least one user
Framework: GxP 21 CFR Part 11
Severity: High

IAM Group User Requirement for GxP 21 CFR Part 11 Compliance

Description:

To comply with the requirements of GxP 21 CFR Part 11, IAM (Identity and Access Management) groups should have at least one user assigned to them. This ensures proper accountability, traceability, and control over sensitive data and system operations.

Troubleshooting Steps:

If you encounter issues related to compliance with this rule, follow these troubleshooting steps:

  1. Check IAM Group Configuration: Verify the configuration of IAM groups to ensure that at least one user is associated with each group.
  2. Review User Assignments: Review the assigned users for each IAM group to identify any missing or unassigned groups.
  3. Audit Logs: Analyze the audit logs or access history to determine if any groups have been left without users.

Remediation Steps:

To remediate the non-compliance with this rule, follow these steps:

  1. Identify Unassigned Groups: Identify the IAM groups that do not have any users assigned.
  2. Assign Users to Groups: Select a suitable user to assign to each of the unassigned groups. This can be an existing user or a new user created specifically for this purpose.
  3. Access Management Console: Access the IAM management console or use the appropriate CLI commands to manage IAM groups and users.
  4. Locate the Group: Search for the unassigned group by its name or unique identifier.
  5. Assign User: Navigate to the group's settings and select the option to add or assign a user.
  6. Select User: Choose the appropriate user from the available list or create a new user if necessary.
  7. Review and Confirm: Double-check the selection and click on the confirm button to assign the user to the group.
  8. Repeat for Other Groups: Repeat steps 4-7 for all other unassigned groups identified in step 1.

Recommended CLI Commands (if applicable):

  1. To list all IAM groups:
       aws iam list-groups
  2. To get details of a specific IAM group:
       aws iam get-group --group-name <group-name>
  3. To add a user to an IAM group:
       aws iam add-user-to-group --user-name <user-name> --group-name <group-name>
  4. To create a new IAM user:
       aws iam create-user --user-name <user-name>

Note: Replace <group-name> with the name of the IAM group and <user-name> with the desired username.
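
The first remediation step (identifying groups with no users) can be scripted with the list-groups and get-group commands above. The following is an added example, not code from this page's vendor or from AWS; the function names are hypothetical, and it assumes the AWS CLI is configured with permission for iam:ListGroups and iam:GetGroup. It only reads data and changes nothing.

```shell
#!/bin/sh
# Added example: read-only check for IAM groups that have no users.
# Assumption: the AWS CLI is configured with iam:ListGroups and iam:GetGroup.

# Print the number of users in the IAM group named $1.
# JSON output is used because with --output text the CLI applies --query
# to each page separately instead of to the full result.
group_user_count() {
  aws iam get-group --group-name "$1" --query 'length(Users)' --output json
}

# Print every IAM group that has no users, one per line.
# Returns 0 if all groups have users, 1 if any group is empty,
# 2 if an AWS call failed (so a failed lookup never reads as "compliant").
find_empty_groups() {
  feg_status=0
  feg_names=$(aws iam list-groups --query 'Groups[].GroupName' --output text) || return 2
  # IAM group names cannot contain whitespace, so word splitting is safe here.
  for feg_group in $feg_names; do
    feg_count=$(group_user_count "$feg_group") || return 2
    if [ "$feg_count" -eq 0 ]; then
      printf '%s\n' "$feg_group"
      feg_status=1
    fi
  done
  return "$feg_status"
}
```

Call find_empty_groups from a scheduled job or pipeline step; the non-zero exit status lets the job fail when an empty group exists or when the lookup itself could not be completed.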

By following these steps and using the mentioned CLI commands where applicable, you can ensure compliance with the IAM group user requirement for GxP 21 CFR Part 11.
