Control: AWS > CIS v1.4 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)
Configures auditing against a CIS Benchmark item.
Level: 2 (Not Scored)
In multi-account environments, IAM user centralization facilitates greater user control. User access beyond the initial account is then provided via role assumption. Centralization of users can be accomplished through federation with an external identity provider or through the use of AWS Organizations.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- AWS > CIS v1.4 > Maximum Attestation Duration
- AWS > CIS v1.4 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual) > Attestation
- AWS > CIS v1.4
- AWS > CIS v1.4 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)
- AWS > CIS v1.4 > 1 - Identity and Access Management
- AWS > CIS v1.4 > 1 - Identity and Access Management > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/aws-cisv1-4#/control/types/r0121
- tmod:@turbot/cis#/control/categories/v071602
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1-4#/control/types/r0121"
Get Controls
Control Type URI
Category URI
GraphQL
CLI