Control: AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
Configures auditing against a CIS Benchmark item.
Level: 2
In multi-account environments, IAM user centralization facilitates greater user control. User access beyond the initial account is then provided via role assumption. Centralization of users can be accomplished through federation with an external identity provider or through the use of AWS Organizations.
Resource Types
This control targets the following resource types:
Primary Policies
The following policies can be used to configure this control:
- 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
Category
In Your Workspace
Developers
- tmod:@turbot/aws-cisv2-0#/control/types/r0121
- tmod:@turbot/cis#/control/categories/v071602
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv2-0#/control/types/r0121"
Get Controls
Control Type URI
Category URI
GraphQL
CLI