Ensure that every Amazon IAM user in your AWS account is safelisted (trusted), so that your AWS cloud resources are protected against unapproved access and your organization's compliance requirements are met. Before the Cloud Conformity engine runs this rule, the list of approved IAM users (the IAM user safelist) must be configured in the rule settings on the Cloud Conformity account dashboard.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With Amazon IAM user safelisting, you explicitly specify the users that are allowed to access your AWS services and resources; every other user is treated as unapproved or unauthorized. To adhere to Amazon IAM security best practices, either remove the untrusted IAM users or safelist them after a complete compliance review.
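As an added illustration of the comparison this rule performs (example code written for this page, not Cloud Conformity's own implementation; the safelist format and the sample user list are assumptions), here is the safelist check run over a constructed `aws iam list-users` result:

```python
"""Safelist check for IAM users (added example; not Cloud Conformity's code).

In practice the user records come from `aws iam list-users` or the boto3
`list_users` paginator; a constructed sample stands in for that call so the
check runs offline. The safelist format (plain IAM user names) is assumed.
"""
import json

# Constructed sample in the shape of `aws iam list-users --output json`.
SAMPLE_LIST_USERS = json.dumps({
    "Users": [
        {"UserName": "alice", "Arn": "arn:aws:iam::123456789012:user/alice"},
        {"UserName": "Bob", "Arn": "arn:aws:iam::123456789012:user/Bob"},
        {"UserName": "deploy-bot", "Arn": "arn:aws:iam::123456789012:user/deploy-bot"},
        {"UserName": "temp-contractor", "Arn": "arn:aws:iam::123456789012:user/temp-contractor"},
    ]
})

# Safelist as it would be entered in the rule settings (assumed: one user name per entry).
SAFELIST = ["alice", "bob", "deploy-bot"]


def unapproved_users(list_users_json: str, safelist) -> list[str]:
    """Return IAM user names present in the account but absent from the safelist.

    IAM names are not distinguished by case, so both sides are lower-cased
    before comparison to avoid flagging 'Bob' when 'bob' was safelisted.
    """
    approved = {name.strip().lower() for name in safelist}
    users = json.loads(list_users_json).get("Users", [])
    flagged = [u["UserName"] for u in users if u["UserName"].lower() not in approved]
    return sorted(flagged, key=str.lower)


def evaluate(list_users_json: str, safelist) -> dict:
    """Produce a finding in the spirit of the rule: FAILURE if any user is unapproved."""
    flagged = unapproved_users(list_users_json, safelist)
    return {
        "rule": "Check for Unapproved IAM Users Existence",
        "risk": "Medium",
        "status": "FAILURE" if flagged else "SUCCESS",
        "unapproved_users": flagged,
    }


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_LIST_USERS, SAFELIST), indent=2))
```

Every user flagged in `unapproved_users` is a candidate for either removal (Case A below) or, after review, addition to the safelist (Case B).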
To identify any unapproved Amazon IAM users available in your AWS account, perform the following actions:
Remediation / Resolution
Case A: To remove any unapproved (unauthorized) IAM users from your AWS account, perform the following actions:
Case B: If the selected unapproved Amazon IAM user is vital to your AWS cloud infrastructure and resources, or you simply want to mark it as compliant, add the user to the IAM user safelist defined in the rule settings on your Cloud Conformity account dashboard.
Rule: Check for Unapproved IAM Users Existence
Risk level: Medium