IAM Access Analyzer Not Enabled

  • Query id: e592a0c5-5bdb-414c-9066-5dba7cdea370
  • Query name: IAM Access Analyzer Not Enabled
  • Platform: Terraform
  • Severity: Low
  • Category: Best Practices
  • CWE: 710
  • URL: Github

Description

IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions. In Terraform that means declaring an aws_accessanalyzer_analyzer resource. The positive sample below only lists access-analyzer.amazonaws.com in the organization's aws_service_access_principals, which enables trusted access for the service but creates no analyzer, so nothing actually reviews the organization's resource policies for external access. The negative sample pairs the same organization with an analyzer of type ORGANIZATION.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_organizations_organization" "example2" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
/*resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

resource "aws_accessanalyzer_analyzer" "examplee" {
  depends_on = [aws_organizations_organization.example]

  analyzer_name = "example"
  type          = "ORGANIZATION"
}
*/
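The check described above, written out as a small stand-alone scanner over the two samples. This is an added example, not the KICS query's own Rego: it parses only a subset of HCL (top-level resource blocks with one attribute per line, found by brace matching after a naive comment strip), the sample strings are copied from the page, and the second rule (an organization that delegates Access Analyzer should have at least one ORGANIZATION-type analyzer) is an extra strictness of this example, not something the KICS query enforces. Note that the page's negative sample is wrapped in a /* */ block comment, so the document declares no resources at all; the comment stripper makes that case pass for the same reason.

```python
"""Stand-alone re-implementation of the 'IAM Access Analyzer Not Enabled' check.
Example code, not the KICS project's Rego query; HCL handling is deliberately minimal."""
import re
from dataclasses import dataclass

ACCESS_ANALYZER_PRINCIPAL = "access-analyzer.amazonaws.com"
HEADER_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.MULTILINE)


@dataclass
class Resource:
    type: str
    name: str
    body: str

    def attr(self, key):
        """Raw right-hand side of a top-level attribute in this block, or None."""
        for m in ATTR_RE.finditer(self.body):
            if m.group(1) == key:
                return m.group(2)
        return None


def strip_comments(hcl):
    """Drop /* */ block comments and # or // line comments (naive: ignores strings)."""
    hcl = re.sub(r"/\*.*?\*/", "", hcl, flags=re.DOTALL)
    return re.sub(r"(?m)(#|//).*$", "", hcl)


def parse_resources(hcl):
    """Yield top-level resource blocks by brace-matching from each resource header."""
    text = strip_comments(hcl)
    pos = 0
    while True:
        m = HEADER_RE.search(text, pos)
        if not m:
            return
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield Resource(m.group(1), m.group(2), text[m.end():i - 1])
        pos = i


def check_access_analyzer(hcl):
    """Return a list of finding strings; an empty list means the document passes."""
    resources = list(parse_resources(hcl))
    orgs = [r for r in resources
            if r.type == "aws_organizations_organization"
            and ACCESS_ANALYZER_PRINCIPAL in (r.attr("aws_service_access_principals") or "")]
    analyzers = [r for r in resources if r.type == "aws_accessanalyzer_analyzer"]
    findings = []
    # Rule 1 (what the KICS samples illustrate): service access is enabled for
    # Access Analyzer at the organization, but no analyzer resource exists.
    if orgs and not analyzers:
        for org in orgs:
            findings.append(
                f"aws_organizations_organization.{org.name}: enables {ACCESS_ANALYZER_PRINCIPAL} "
                "but no aws_accessanalyzer_analyzer resource is declared")
    # Rule 2 (assumption of this example, stricter than the KICS query): when the
    # organization delegates Access Analyzer, expect an ORGANIZATION-type analyzer.
    if orgs and analyzers and not any(
            (a.attr("type") or "").strip('"').upper() == "ORGANIZATION" for a in analyzers):
        findings.append('no aws_accessanalyzer_analyzer has type = "ORGANIZATION" '
                        "although the organization enables the service principal")
    return findings


# Constructed inputs: the page's positive and negative samples, plus a variant
# that only creates an ACCOUNT-scoped analyzer.
POSITIVE_TF = '''
resource "aws_organizations_organization" "example2" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}
'''

NEGATIVE_TF = '''
resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

resource "aws_accessanalyzer_analyzer" "example" {
  depends_on    = [aws_organizations_organization.example]
  analyzer_name = "example"
  type          = "ORGANIZATION"
}
'''

ACCOUNT_ONLY_TF = NEGATIVE_TF.replace('"ORGANIZATION"', '"ACCOUNT"')

if __name__ == "__main__":
    for label, tf in [("positive", POSITIVE_TF), ("negative", NEGATIVE_TF),
                      ("commented-out negative", "/*" + NEGATIVE_TF + "*/"),
                      ("account-only analyzer", ACCOUNT_ONLY_TF)]:
        print(f"{label}: {check_access_analyzer(tf) or 'OK'}")
```

The brace matcher does not understand braces inside string literals or heredocs; for real repositories use a proper HCL parser (or KICS itself) and keep this only as a model of the rule's logic.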