Control: AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments

Configures auditing against a CIS Benchmark item.

Level: 2

In multi-account environments, IAM user centralization facilitates greater user control. User access beyond the initial account is then provided via role assumption. Centralization of users can be accomplished through federation with an external identity provider or through the use of AWS Organizations.

Resource Types

This control targets the following resource types:

AWS > Account

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv3-0#/control/types/r0121

Category URI

tmod:@turbot/cis#/control/categories/v071602

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv3-0#/control/types/r0121") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv3-0#/control/types/r0121'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv3-0#/control/types/r0121"