Control: AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
Configures auditing against a CIS Benchmark item.
Level: 2
In multi-account environments, IAM user centralization facilitates greater user control. User access beyond the initial account is then provided via role assumption. Centralization of users can be accomplished through federation with an external identity provider or through the use of AWS Organizations.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- AWS > CIS v3.0 > Maximum Attestation Duration
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
- AWS > CIS v3.0
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- AWS > CIS v3.0 > 1 - Identity and Access Management
- AWS > CIS v3.0 > 1 - Identity and Access Management > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/aws-cisv3-0#/control/types/r0121
- tmod:@turbot/cis#/control/categories/v071602
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv3-0#/control/types/r0121"
Get Controls
Control Type URI
Category URI
GraphQL
CLI