Control: AWS > IAM > User > Policy Attachments > Approved

Configure AWS IAM user policies binding Approved checking. This policy defines whether to verify the IAM user attached policies are approved (per Approved > Compiled Rules), as well as the subsequent action to take on unapproved items. If set to "Enforce: Delete unapproved", any unapproved attached policy will be removed.

Resource Types

This control targets the following resource types:

AWS > IAM > User

Policies

The following policies can be used to configure this control:

AWS > IAM > User > Policy Attachments > Approved

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

iam:DetachUserPolicy

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-iam#/control/types/userPolicyAttachmentsApproved

Category URI

tmod:@turbot/turbot#/control/categories/resourceApproved

GraphQL

query controlType(id: "tmod:@turbot/aws-iam#/control/types/userPolicyAttachmentsApproved") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-iam#/control/types/userPolicyAttachmentsApproved'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-iam#/control/types/userPolicyAttachmentsApproved"