Resource Type: AWS > IAM > User
The IAM User resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM User is an identity for a person or application that needs to interact with AWS. A User can hold long-term credentials (a console login profile and access keys) and can receive permissions either directly, through attached or inline policies, or indirectly, through group membership; the controls listed below govern that lifecycle.
Resource Context
User is a part of the IAM service.
Each User lives under an Account.
Each User may have children of these types:
Controls
The primary controls for AWS > IAM > User are:
- Active
- Approved
- Boundary
- CMDB
- Configured
- Discovery
- Login Profile
- Policy Attachments
- ServiceNow
- Tags
- Turbot Access Key
- Usage
It is also targeted by these controls:
- AWS > CIS v1 > 1 Identity and Access Management > 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
- AWS > CIS v1.4 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups (Automated)
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > HIPAA > IAM > IAM user credentials that have not been used in 90 days should be disabled
- AWS > HIPAA > IAM > IAM user MFA should be enabled
- AWS > HIPAA > IAM > IAM user should not have any inline or attached policies
- AWS > HIPAA > IAM > IAM users should be in at least one group
- AWS > HIPAA > IAM > IAM users with console access should have MFA enabled
- AWS > HIPAA > IAM > KMS key decryption should be restricted in IAM inline policy
- AWS > IAM > Access Key > Discovery
- AWS > IAM > Access Key > Usage
- AWS > IAM > User > Group Memberships > Discovery
- AWS > IAM > User > Inline Policy > Discovery
- AWS > IAM > User > User Policy Attachments > Discovery
- AWS > NIST 800-53 > IAM > IAM groups, users, and roles should not have any inline policies
- AWS > NIST 800-53 > IAM > IAM user credentials that have not been used in 90 days should be disabled
- AWS > NIST 800-53 > IAM > IAM user MFA should be enabled
- AWS > NIST 800-53 > IAM > IAM user should not have any inline or attached policies
- AWS > NIST 800-53 > IAM > IAM users should be in at least one group
- AWS > NIST 800-53 > IAM > IAM users with console access should have MFA enabled
- AWS > PCI v3.2.1 > IAM > 2 IAM users should not have IAM policies attached
- AWS > PCI v3.2.1 > IAM > 6 MFA should be enabled for all IAM users
- AWS > PCI v3.2.1 > IAM > 7 IAM user credentials should be disabled if not used within a predefined number of days
- AWS > Turbot > IAM > User > Managed
Quick Actions
- Delete from AWS
- Set Tags
- Skip alarm for Active control
- Skip alarm for Active control [90 days]
- Skip alarm for Approved control
- Skip alarm for Approved control [90 days]
- Skip alarm for Tags control
- Skip alarm for Tags control [90 days]
Category: IAM
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- Resource Type URI: tmod:@turbot/aws-iam#/resource/types/user
- Category URI: tmod:@turbot/turbot#/resource/categories/iam
- CLI: turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/user"
- Steampipe Query
  - Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user';
  - Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/user"';
  - Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user' and notification_type in ('resource_updated', 'resource_created');
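The queries above only pull the raw resource, policy setting and notification rows. In practice the first thing a reviewer wants is the list of IAM Users that are currently failing one of the controls on this page (for example the MFA, unused-credential or policy-attachment checks). The query below is an added example, not part of the Guardrails documentation; it assumes the guardrails_control table from the Turbot Guardrails Steampipe plugin with the columns state, reason, control_type_uri, resource_type_uri and resource_trunk_title, and reuses the resource type URI given on this page. Control type URIs are not listed on this page, so the query groups by whatever URI the plugin returns rather than hard-coding one.

```sql
-- Added example (not from the Guardrails docs).
-- Assumes the Turbot Guardrails Steampipe plugin's guardrails_control table with columns
-- state, reason, control_type_uri, resource_type_uri and resource_trunk_title.

-- 1. Every IAM User control currently in alarm, with the user path and the reason
--    Guardrails recorded, so each row is directly actionable.
select
  resource_trunk_title as user_path,
  control_type_uri,
  reason
from
  guardrails_control
where
  resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user'
  and state = 'alarm'
order by
  user_path,
  control_type_uri;

-- 2. Alarm counts per control type for IAM Users, to see which check
--    (MFA, unused credentials, direct policy attachments, ...) fails most often.
select
  control_type_uri,
  count(*) as alarm_count
from
  guardrails_control
where
  resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/user'
  and state = 'alarm'
group by
  control_type_uri
order by
  alarm_count desc;
```

Run either query from the Steampipe CLI (or any Postgres client attached to Steampipe) against a workspace connection configured for the Guardrails plugin. Filtering on resource_type_uri rather than on a specific control_type_uri keeps the query valid across mod versions, since control type URIs can be added or renamed while the resource type URI on this page stays stable.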