Ensure that your Amazon Identity and Access Management (IAM) users are members of at least one IAM group in order to adhere to IAM security best practices.
This rule can help you work with the AWS Well-Architected Framework.
As a cloud security best practice, it is strongly recommended to avoid assigning identity-based policies to individual IAM users or defining inline policies when creating an IAM user. Instead, you can assign policies to a group of IAM users or write inline policies when creating an IAM group. All the IAM users within your group will inherit the permissions assigned to the group. This streamlines the process of making changes to multiple user permissions and decreases the risk of accidentally giving individual IAM users excessive permissions. As people move around in your organization, you can simply change what IAM group their IAM user belongs to.
To determine if all IAM users available in your AWS cloud account have group memberships, perform the following actions:
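As an added illustration of what this check evaluates (example code written for this page, not the Conformity rule's own implementation), the script below audits a constructed user inventory for missing group membership, and also flags the directly attached and inline user policies the paragraph above recommends avoiding. The `collect_inventory` helper shows how the same inventory would be gathered with boto3 against a real account; the sample data and the `SAMPLE_INVENTORY` name are assumptions.

```python
"""Audit IAM users for group membership (constructed example, not Conformity's own check)."""
from typing import Dict, Iterable, List

# Constructed sample inventory, shaped after the fields returned by
# iam.list_users(), list_groups_for_user(), list_attached_user_policies()
# and list_user_policies(). Replace with collect_inventory() output for a real account.
SAMPLE_INVENTORY = [
    {"UserName": "alice", "Groups": ["Developers"], "AttachedPolicies": [], "InlinePolicies": []},
    {"UserName": "bob", "Groups": [], "AttachedPolicies": ["AdministratorAccess"], "InlinePolicies": []},
    {"UserName": "carol", "Groups": [], "AttachedPolicies": [], "InlinePolicies": ["s3-rw"]},
    {"UserName": "dave", "Groups": ["Auditors"], "AttachedPolicies": [], "InlinePolicies": ["legacy"]},
]


def audit_user(user: dict) -> List[str]:
    """Return the findings for one user; an empty list means the user is compliant."""
    findings = []
    if not user.get("Groups"):
        findings.append("no IAM group membership")
    if user.get("AttachedPolicies"):
        findings.append("managed policies attached directly to the user")
    if user.get("InlinePolicies"):
        findings.append("inline policies defined on the user")
    return findings


def audit_inventory(inventory: Iterable[dict]) -> Dict[str, List[str]]:
    """Map each non-compliant user name to its findings; compliant users are omitted."""
    report = {}
    for user in inventory:
        findings = audit_user(user)
        if findings:
            report[user["UserName"]] = findings
    return report


def collect_inventory(iam) -> List[dict]:
    """Build the inventory from a boto3 IAM client (needs credentials; not run offline)."""
    inventory = []
    for page in iam.get_paginator("list_users").paginate():
        for u in page["Users"]:
            name = u["UserName"]
            groups = [g["GroupName"] for p in iam.get_paginator("list_groups_for_user").paginate(UserName=name) for g in p["Groups"]]
            attached = [a["PolicyName"] for p in iam.get_paginator("list_attached_user_policies").paginate(UserName=name) for a in p["AttachedPolicies"]]
            inline = [n for p in iam.get_paginator("list_user_policies").paginate(UserName=name) for n in p["PolicyNames"]]
            inventory.append({"UserName": name, "Groups": groups, "AttachedPolicies": attached, "InlinePolicies": inline})
    return inventory


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {'; '.join(findings)}")
```

Against a live account, pass `boto3.client("iam")` to `collect_inventory` and feed the result to `audit_inventory`; any user listed in the report is one the rule would flag.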
Remediation / Resolution
To assign orphaned Identity and Access Management (IAM) users to IAM groups, perform the following actions:
Rule audited: Check for IAM User Group Membership
Risk level: High