IAM Policies Attached To User

• Query id: eafe4bc3-1042-4f88-b988-1939e64bf060
• Query name: IAM Policies Attached To User
• Platform: Ansible
• Severity: Medium
• Category: Access Control
• URL: Github

Description

IAM policies should be attached only to groups or roles
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

- name: Assign a policy called Admin to user
  community.aws.iam_policy:
    iam_type: user
    iam_name: administrators
    policy_name: Admin
    state: present
    policy_document: admin_policy.json

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Assign a policy called Admin to the administrators group
  community.aws.iam_policy:
    iam_type: group
    iam_name: administrators
    policy_name: Admin
    state: present
    policy_document: admin_policy.json