IAM Group Without Users

  • Query id: f509931b-bbb0-443c-bd9b-10e92ecf2193
  • Query name: IAM Group Without Users
  • Platform: Ansible
  • Severity: Medium
  • Category: Access Control
  • CWE: 284
  • URL: Github

Description

An IAM group should have at least one user associated with it. A group that carries attached policies but has no members is either leftover from removed users or a group defined before its intended users were added; in both cases it should be populated or removed so that the permissions it grants stay tied to real principals.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

```yaml
- name: Group1
  iam_group:
    name: testgroup1
    state: present
```

Positive test num. 2 - yaml file

```yaml
- name: Group2
  iam_group:
    name: testgroup2
    managed_policy:
      - arn:aws:iam::aws:policy/AmazonSNSFullAccess
    users:
    state: present
```

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

```yaml
- name: Group3
  iam_group:
    name: testgroup2
    managed_policy:
      - arn:aws:iam::aws:policy/AmazonSNSFullAccess
    users:
      - test_user1
      - test_user2
    state: present
```
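The following is an added example, not KICS's own query code: a small Python re-implementation of this check over already-parsed Ansible tasks. The task list is constructed to mirror the three samples above (so no YAML parser is needed), and it additionally recurses into `block`/`rescue`/`always` sections, which the page's samples do not cover.

```python
"""Added example (not KICS's query): flag iam_group tasks with no users."""

from typing import Any, List

# Ansible task keys that nest further task lists (assumption: these three).
NESTING_KEYS = ("block", "rescue", "always")


def group_has_no_users(module_args: Any) -> bool:
    """True when an iam_group task declares no users.
    Covers the shapes seen on this page: key missing (Positive test 1),
    key present but null, i.e. a bare `users:` line (Positive test 2),
    plus an empty list; a non-empty list (Negative test 1) passes."""
    if not isinstance(module_args, dict):
        return True
    users = module_args.get("users")
    return not isinstance(users, list) or len(users) == 0


def find_empty_iam_groups(tasks: Any) -> List[str]:
    """Return the task names whose iam_group has no users, recursing into
    block/rescue/always so nested tasks are inspected too."""
    findings: List[str] = []
    if not isinstance(tasks, list):
        return findings
    for task in tasks:
        if not isinstance(task, dict):
            continue
        for key in NESTING_KEYS:
            if key in task:
                findings.extend(find_empty_iam_groups(task[key]))
        if "iam_group" in task and group_has_no_users(task["iam_group"]):
            findings.append(task.get("name", "<unnamed>"))
    return findings


# Constructed tasks mirroring the page's two positive and one negative samples.
TASKS = [
    {"name": "Group1", "iam_group": {"name": "testgroup1", "state": "present"}},
    {"name": "Group2", "iam_group": {"name": "testgroup2",
        "managed_policy": ["arn:aws:iam::aws:policy/AmazonSNSFullAccess"],
        "users": None, "state": "present"}},
    {"name": "Group3", "iam_group": {"name": "testgroup2",
        "managed_policy": ["arn:aws:iam::aws:policy/AmazonSNSFullAccess"],
        "users": ["test_user1", "test_user2"], "state": "present"}},
]

if __name__ == "__main__":
    for name in find_empty_iam_groups(TASKS):  # prints Group1 and Group2
        print(f"Medium: IAM group without users in task {name!r}")
```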