IAM User Should Not Have Any Inline or Attached Policies Rule
This rule states that IAM users should not have any inline or attached policies.
| Rule | IAM user should not have any inline or attached policies |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ Low |
Rule Description
The rule prohibits IAM users from having any inline or attached policies related to the RBI Cyber Security Framework. Inline policies are policies that are directly attached to an IAM user, while attached policies are policies attached to a group, role, or resource. This rule ensures compliance with the RBI Cyber Security Framework regulations by preventing users from having any policy that may not align with the required security standards.
Troubleshooting Steps
If any IAM user is found to have inline or attached policies related to the RBI Cyber Security Framework, the following troubleshooting steps can be followed:
- 1.Identify the IAM users with inline or attached policies.
- 2.Review the specific policies that are violating the rule.
- 3.Determine the source of the policy. It could be an inadvertent attachment, a misconfiguration, or a deliberate action.
- 4.Assess the impact of the policy violation on the security of the system and data.
- 5.Decide whether the violation needs immediate remediation or can be addressed within a defined timeframe.
Necessary Code
There are no specific codes required for this rule. However, you may need to use AWS CLI commands to identify and remove the inline or attached policies associated with IAM users.
Step-by-Step Guide for Remediation
To remediate the violation of this rule and remove the inline or attached policies related to the RBI Cyber Security Framework from IAM users, follow these steps:
- 1.
Identify the IAM user with the policy violation:
- Access the AWS Management Console or use the AWS CLI.
- Navigate to the IAM service.
- 2.
Remove any attached policy violating the rule:
- Find the user in question and select their username.
- In the "Permissions" tab, click on "Detach Policy".
- Select the policy violating the rule and click on "Detach Policy".
- 3.
Delete any inline policy violating the rule:
- In the same "Permissions" tab, scroll down to the "Inline Policies" section.
- Click on the inline policy violating the rule.
- Click on the "Delete Policy" button.
- 4.
Review and confirm the changes:
- Double-check the user's permissions to ensure no inline or attached policies related to the RBI Cyber Security Framework remain.
- Verify if the user's policy evaluation results show compliance with the rule.
- 5.
Conduct periodic checks:
- Regularly review IAM users to ensure ongoing compliance with the rule.
- Implement automated monitoring or security tools to detect and prevent future violations.
Conclusion
Following the provided troubleshooting steps and the step-by-step guide should help identify and remediate any violation of IAM users having inline or attached policies related to the RBI Cyber Security Framework. By ensuring compliance with this rule, you maintain a secure environment that aligns with the required security standards and regulatory framework.