IAM Managed Policy Applied to a User
- Query id: 0e5872b4-19a0-4165-8b2f-56d9e14b909f
- Query name: IAM Managed Policy Applied to a User
- Platform: CloudFormation
- Severity: Medium
- Category: Best Practices
- CWE: 710
- URL: Github
Description
Make sure that managed IAM policies (AWS::IAM::ManagedPolicy) are attached to an IAM group rather than directly to an IAM user, so that permissions are managed at group level.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file

```yaml
Resources:
  CreateTestDBPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: Policy for creating a test database
      Path: /
      PolicyDocument:
        Version: "2012-10-17"   # quoted so YAML keeps it a string, not a date
        Statement: []
      # Users attaches the managed policy directly to a user; this is what the query flags
      Users:
        - TestUser
```
Positive test num. 2 - json file

```json
{
  "Resources": {
    "CreateTestDBPolicy": {
      "Type": "AWS::IAM::ManagedPolicy",
      "Properties": {
        "Path": "/",
        "PolicyDocument": {
          "Statement": [],
          "Version": "2012-10-17"
        },
        "Users": [
          "TestUser"
        ],
        "Description": "Policy for creating a test database"
      }
    }
  }
}
```
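The following is an added example, not KICS code and not one of this query's own test files. It implements the rule described above as a small checker over the JSON form of a CloudFormation template (a YAML template loaded with a YAML parser yields the same dict structure), and runs it against two constructed templates: the positive sample from this page, and a compliant rewrite in which the policy is attached to a group and the user is added to that group. The function names, the logical ids `CreateTestDBGroup` and `TestUserMembership`, and the group name are assumptions made for the example.

```python
"""Checker for the rule above: flag AWS::IAM::ManagedPolicy resources that are
attached directly to users. Added example, not KICS code; templates below are
constructed for illustration."""
import json

MANAGED_POLICY_TYPE = "AWS::IAM::ManagedPolicy"


def find_user_attached_policies(template):
    """Return [(logical_id, users)] for every managed policy whose
    Properties.Users is non-empty. Entries in Users may be plain names or
    intrinsic functions such as {"Ref": "SomeUser"}; both count as a finding."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != MANAGED_POLICY_TYPE:
            continue
        users = resource.get("Properties", {}).get("Users") or []
        if users:
            findings.append((logical_id, list(users)))
    return findings


def check_template_json(text):
    """Parse a JSON template string and return its findings."""
    return find_user_attached_policies(json.loads(text))


# Constructed sample mirroring the positive test on this page: the managed
# policy is attached directly to a user.
VULNERABLE_TEMPLATE = {
    "Resources": {
        "CreateTestDBPolicy": {
            "Type": MANAGED_POLICY_TYPE,
            "Properties": {
                "Description": "Policy for creating a test database",
                "Path": "/",
                "PolicyDocument": {"Version": "2012-10-17", "Statement": []},
                "Users": ["TestUser"],
            },
        }
    }
}

# Constructed compliant rewrite (hypothetical logical ids): the policy is
# attached to an IAM group, and the user becomes a member of that group.
COMPLIANT_TEMPLATE = {
    "Resources": {
        "CreateTestDBGroup": {
            "Type": "AWS::IAM::Group",
            "Properties": {"GroupName": "CreateTestDBGroup"},
        },
        "CreateTestDBPolicy": {
            "Type": MANAGED_POLICY_TYPE,
            "Properties": {
                "Description": "Policy for creating a test database",
                "Path": "/",
                "PolicyDocument": {"Version": "2012-10-17", "Statement": []},
                "Groups": [{"Ref": "CreateTestDBGroup"}],
            },
        },
        "TestUserMembership": {
            "Type": "AWS::IAM::UserToGroupAddition",
            "Properties": {
                "GroupName": {"Ref": "CreateTestDBGroup"},
                "Users": ["TestUser"],
            },
        },
    }
}


if __name__ == "__main__":
    for name, template in (("vulnerable", VULNERABLE_TEMPLATE),
                           ("compliant", COMPLIANT_TEMPLATE)):
        findings = find_user_attached_policies(template)
        for logical_id, users in findings:
            print(f"{name}: {logical_id} attaches a managed policy directly to {users}")
        if not findings:
            print(f"{name}: no managed policy attached directly to a user")
```

The compliant template keeps the same policy document; only the attachment target changes. Membership is expressed with AWS::IAM::UserToGroupAddition so that adding or removing a user touches the group membership rather than the policy resource.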