IAM Access Analyzer Not Enabled
- Query id: e592a0c5-5bdb-414c-9066-5dba7cdea370
- Query name: IAM Access Analyzer Not Enabled
- Platform: Terraform
- Severity: Low
- Category: Best Practices
- CWE: 710
- URL: GitHub

Description

IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions.

Documentation

Code samples

Code samples with security vulnerabilities
Positive test num. 1 - tf file

```hcl
resource "aws_organizations_organization" "example2" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}
```
Code samples without security vulnerabilities

Negative test num. 1 - tf file

```hcl
/*resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

resource "aws_accessanalyzer_analyzer" "examplee" {
  depends_on    = [aws_organizations_organization.example]
  analyzer_name = "example"
  type          = "ORGANIZATION"
}
*/
```
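The negative sample above is shipped commented out, so it does not show the working shape of a configuration that satisfies this check. The following is an added example (not a KICS fixture and not code from the KICS project) of enabling IAM Access Analyzer in Terraform. It covers the organization-scoped case the page describes and, going one step beyond the page, the account-scoped case for a standalone account. The region, resource labels and analyzer names are assumptions; the organization block must be applied from the organization's management account.

```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region for this example
}

# Organization-scoped analyzer. An ORGANIZATION analyzer only works once the
# organization trusts the Access Analyzer service principal, which is why the
# positive sample (service principal alone, no analyzer) is flagged: trusting
# the service is not the same as creating an analyzer.
resource "aws_organizations_organization" "this" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

resource "aws_accessanalyzer_analyzer" "org" {
  depends_on    = [aws_organizations_organization.this]
  analyzer_name = "org-external-access" # assumed name
  type          = "ORGANIZATION"
}

# Account-scoped analyzer for a single, standalone account. No organization
# resource is needed; it only reports resources in this account that grant
# access to principals outside the account.
resource "aws_accessanalyzer_analyzer" "account" {
  analyzer_name = "account-external-access" # assumed name
  type          = "ACCOUNT"
}

# Exposing the ARNs makes it easy to confirm after apply that analyzers exist.
output "analyzer_arns" {
  value = {
    organization = aws_accessanalyzer_analyzer.org.arn
    account      = aws_accessanalyzer_analyzer.account.arn
  }
}
```

Run `kics scan -p .` over the directory to confirm the query no longer reports a finding; the positive sample fails precisely because `aws_service_access_principals` grants the service access without any `aws_accessanalyzer_analyzer` resource being declared.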