Turbot Guardrails Hub 

Resource Type: AWS > IAM > User

The IAM User resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM User represents an individual user within an AWS account, providing a way to manage access to AWS resources.

Resource Context

User is a part of the IAM service.

Each User lives under an Account.

Each User may have children of these types:
  • Group Memberships
  • Inline Policy
  • User Policy Attachments

Controls

The primary controls for AWS > IAM > User are:

  • Active
  • Approved
  • Boundary
  • CMDB
  • Configured
  • Discovery
  • Intelligent Assessment
  • Login Profile
  • Policy Attachments
  • ServiceNow
  • Tags
  • Turbot Access Key
  • Usage

It is also targeted by these controls:

  • AWS > CIS v1 > 1 Identity and Access Management > 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups (Automated)
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.11 - Do not create access keys during initial setup for IAM users with a console password
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or more are disabled
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key for any single IAM user
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM users receive permissions only through groups
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.09 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.10 - Do not create access keys during initial setup for IAM users with a console password
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.11 - Ensure credentials unused for 45 days or more are disabled
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.12 - Ensure there is only one active access key for any single IAM user
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.13 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.14 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.09 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.10 - Do not create access keys during initial setup for IAM users with a console password
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.11 - Ensure credentials unused for 45 days or more are disabled
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.12 - Ensure there is only one active access key for any single IAM user
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.13 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.14 - Ensure IAM users receive permissions only through groups
  • AWS > HIPAA > IAM > IAM user credentials that have not been used in 90 days should be disabled
  • AWS > HIPAA > IAM > IAM user MFA should be enabled
  • AWS > HIPAA > IAM > IAM user should not have any inline or attached policies
  • AWS > HIPAA > IAM > IAM users should be in at least one group
  • AWS > HIPAA > IAM > IAM users with console access should have MFA enabled
  • AWS > HIPAA > IAM > KMS key decryption should be restricted in IAM inline policy
  • AWS > IAM > Access Key > Discovery
  • AWS > IAM > Access Key > Usage
  • AWS > IAM > Service Specific Credential > Discovery
  • AWS > IAM > User > Group Memberships > Discovery
  • AWS > IAM > User > Inline Policy > Discovery
  • AWS > IAM > User > User Policy Attachments > Discovery
  • AWS > NIST 800-53 > IAM > IAM groups, users, and roles should not have any inline policies
  • AWS > NIST 800-53 > IAM > IAM user credentials that have not been used in 90 days should be disabled
  • AWS > NIST 800-53 > IAM > IAM user MFA should be enabled
  • AWS > NIST 800-53 > IAM > IAM user should not have any inline or attached policies
  • AWS > NIST 800-53 > IAM > IAM users should be in at least one group
  • AWS > NIST 800-53 > IAM > IAM users with console access should have MFA enabled
  • AWS > PCI v3.2.1 > IAM > 2 IAM users should not have IAM policies attached
  • AWS > PCI v3.2.1 > IAM > 6 MFA should be enabled for all IAM users
  • AWS > PCI v3.2.1 > IAM > 7 IAM user credentials should be disabled if not used within a predefined number of days
  • AWS > Turbot > IAM > User > Managed

Quick Actions

  • Attach User Policies
  • Create or Rotate Turbot Access Key
  • Delete
  • Delete from AWS
  • Delete Login Profile
  • Detach Policies
  • IAM User Managed
  • Router
  • Set Boundary Policy
  • Set Tags
  • Skip alarm for Active control
  • Skip alarm for Active control [90 days]
  • Skip alarm for Approved control
  • Skip alarm for Approved control [90 days]
  • Skip alarm for Tags control
  • Skip alarm for Tags control [90 days]
  • Update Tags

Category

  • IAM

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

  • Resource Type URI
    • tmod:@turbot/aws-iam#/resource/types/user
  • Category URI
    • tmod:@turbot/turbot#/resource/categories/iam
  • GraphQL
    • query resource(id: "tmod:@turbot/aws-iam#/resource/types/user") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/user'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
  • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/user"
  • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user';
    • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/user"';
    • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user' and notification_type in ('resource_updated', 'resource_created');