Control: AWS > CIS v1 > 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full ":" administrative privileges are not created (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilege—that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of allowing full administrative privileges.

Resource Types

This control targets the following resource types:

AWS > IAM > Policy

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv1#/control/types/r0122

Category URI

tmod:@turbot/cis#/control/categories/v0704

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv1#/control/types/r0122") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv1#/control/types/r0122'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1#/control/types/r0122"

Control: AWS > CIS v1 > 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full "*:*" administrative privileges are not created (Scored)

Resource Types

Policies

Category

In Your Workspace

Developers

Control: AWS > CIS v1 > 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full "*:*" administrative privileges are not created (Scored)

Resource Types

Policies

Category

In Your Workspace

Developers

Control: AWS > CIS v1 > 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full ":" administrative privileges are not created (Scored)

Control: AWS > CIS v1 > 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full ":" administrative privileges are not created (Scored)