To protect your AWS cloud resources against unauthorized access and meet strict compliance requirements within your organization, ensure that unapproved Amazon IAM managed policies are not attached to IAM roles, users, or groups. Prior to running this rule by the Conformity engine, the list with the unapproved IAM policies must be defined in the conformity rule settings, on the Trend Micro Cloud One™ – Conformity account console.
This rule can help you work with the AWS Well-Architected Framework
Setting boundaries for the use of identity-based policies within your organization can help you address internal security compliance, protect sensitive and confidential data, and even prevent unexpected charges on your AWS bill. You can explicitly specify the IAM managed policies that are not allowed to be attached to IAM roles, users, or groups within your AWS cloud account. To adhere to Amazon Identity and Access Management (IAM) security best practices, you can either detach the unapproved IAM policies or approve them after a complete compliance review.
To determine if there are any unapproved Amazon IAM managed policies used within your AWS account, perform the following operations:
Remediation / Resolution
To ensure that all unapproved Amazon IAM managed policies are decommissioned within your AWS cloud account, perform the following operations:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Unapproved IAM Policy in Use
Risk level: High