IAM Group Without Users
- Query id: fc101ca7-c9dd-4198-a1eb-0fbe92e80044
- Query name: IAM Group Without Users
- Platform: Terraform
- Severity: Medium
- Category: Access Control
- CWE: 284
- URL: Github
Description
An IAM group should have at least one user associated with it. A group with no members is either stale or the result of a misconfiguration, most commonly an aws_iam_group_membership block whose group argument points at the wrong group, or whose users list is empty. Groups that carry policies nobody uses are dead permissions waiting to be repurposed, so they should be populated or removed. The query flags an aws_iam_group resource when no membership resource attaches a non-empty list of users to it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Case 1: the membership block points at "group222", which is not declared
# anywhere in this file, so "group2" never receives any members.
# (Terraform would also reject the dangling reference at plan time; the
# static check flags group2 regardless.)
resource "aws_iam_group_membership" "team2" {
  name = "tf-testing-group-membership"
  users = [
    aws_iam_user.user_one2.name,
    aws_iam_user.user_two2.name,
  ]
  group = aws_iam_group.group222.name
}

resource "aws_iam_group" "group2" {
  name = "test-group"
}

resource "aws_iam_user" "user_one2" {
  name = "test-user"
}

resource "aws_iam_user" "user_two2" {
  name = "test-user-two"
}

# Case 2: the membership targets the right group, but its users list is
# empty, so "group3" is still a group without users.
resource "aws_iam_group_membership" "team3" {
  name = "tf-testing-group-membership"
  users = [
  ]
  group = aws_iam_group.group3.name
}

resource "aws_iam_group" "group3" {
  name = "test-group"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# The membership block names the declared group and lists two declared
# users, so "group" has members and is not flagged.
resource "aws_iam_group_membership" "team" {
  name = "tf-testing-group-membership"
  users = [
    aws_iam_user.user_one.name,
    aws_iam_user.user_two.name,
  ]
  group = aws_iam_group.group.name
}

resource "aws_iam_group" "group" {
  name = "test-group"
}

resource "aws_iam_user" "user_one" {
  name = "test-user"
}

resource "aws_iam_user" "user_two" {
  name = "test-user-two"
}