Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > CIS v1 > 1 Identity and Access Management

Covers recommendations addressing Identity and Access Management.

Targets

This policy targets the following resource types:

  • AWS > Account

Primary Policy

This policy is used with the following primary policy:

  • AWS > CIS v1

Related Policies

  • 1.01 Avoid the use of the "root" account (Scored)
  • 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
  • 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
  • 1.04 Ensure access keys are rotated every 90 days or less (Scored)
  • 1.05 Ensure IAM password policy requires at least one uppercase letter (Scored)
  • 1.06 Ensure IAM password policy require at least one lowercase letter (Scored)
  • 1.07 Ensure IAM password policy require at least one symbol (Scored)
  • 1.08 Ensure IAM password policy require at least one number (Scored)
  • 1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored)
  • 1.10 Ensure IAM password policy prevents password reuse (Scored)
  • 1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored)
  • 1.12 Ensure no root account access key exists (Scored)
  • 1.13 Ensure MFA is enabled for the "root" account (Scored)
  • 1.14 Ensure hardware MFA is enabled for the "root" account (Scored)
  • 1.15 Ensure security questions are registered in the AWS account (Not Scored)
  • 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
  • 1.17 Maintain current contact details (Not Scored)
  • 1.18 Ensure security contact information is registered (Not Scored)
  • 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)
  • 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
  • 1.22 Ensure IAM policies that allow full "*:*"; administrative privileges are not created (Scored)

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip
Examples [YAML]
  • Skip

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/aws-cisv1#/policy/types/s01
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-cisv1#/policy/types/s01") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-cisv1#/policy/types/s01'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-cisv1#/policy/types/s01'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-cisv1#/policy/types/s01"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv1#/policy/types/s01"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM