
Rule: IAM Policy Should Not Have Statements with Admin Access

This rule ensures IAM policies do not contain statements granting admin access.

Rule: IAM policy should not have statements with admin access
Framework: General Data Protection Regulation (GDPR)
Severity: High

IAM Policy: Restricting admin access for General Data Protection Regulation (GDPR)

Description:

This rule is designed to ensure that no user or role in the AWS account holds admin access permissions, as required for compliance with the General Data Protection Regulation (GDPR). The GDPR is a regulation in EU law that addresses the privacy and protection of personal data for individuals within the European Union.

Rule Explanation:

The rule mandates that no IAM policy in scope for GDPR should include statements granting admin access permissions. Admin access implies complete control and unrestricted capabilities over the account, which may violate the privacy and security requirements mandated by the GDPR.

Troubleshooting Steps:

If any statements granting admin access exist within IAM policies in scope for GDPR, follow the steps below for troubleshooting and remediation.

  1. Identify the IAM policy containing the admin access statement in scope for GDPR.
  2. Access the AWS Management Console and navigate to the IAM service.
  3. Select "Policies" from the left-hand menu.
  4. Search for the policy containing the GDPR-related admin access statement.
  5. Edit the policy by clicking on its name.
  6. Locate and remove the statement granting admin access.
  7. Review the remaining policy statements to ensure they comply with GDPR requirements.
  8. Save the changes to the policy.

Necessary Codes:

No specific code is required for this policy. The process involves directly modifying IAM policies through the AWS Management Console.
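As an added example that is not part of the original rule page or the vendor's own checker, the following Python function scans an IAM policy document for the statements this rule flags. It assumes the common definition of an "admin" statement: Effect "Allow" with an Action of "*" (or "*:*") on a Resource of "*"; the two policy documents are constructed samples, not taken from any real account.

```python
import json

# Constructed sample policy documents (not from any real account).
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        # A Deny with wildcards is a guardrail, not admin access.
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})

# Wildcards that IAM treats as "every action".
ADMIN_ACTIONS = {"*", "*:*"}


def _as_list(value):
    """IAM allows a string or a list for Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def admin_statements(policy_document):
    """Return the statements that grant admin access.

    Assumption (the usual checker definition): a statement is 'admin' when
    Effect is Allow, Action contains "*" or "*:*", and Resource contains "*".
    Deny statements and NotAction/NotResource forms are not flagged here.
    Accepts either the JSON string or the already-parsed dict, so the output
    of boto3's iam.get_policy_version()["PolicyVersion"]["Document"] can be
    passed in directly.
    """
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if ADMIN_ACTIONS.intersection(actions) and "*" in resources:
            findings.append(stmt)
    return findings


def is_compliant(policy_document):
    """True when the policy contains no admin statement, i.e. the rule passes."""
    return not admin_statements(policy_document)
```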

Remediation Guide:

To remediate this issue, follow the step-by-step guide provided below:

  1. Sign in to the AWS Management Console using appropriate credentials.
  2. Navigate to the IAM service.
  3. Select "Policies" from the left-hand menu.
  4. Identify the policy that needs modification by searching for its name.
  5. Click on the policy name to access its details.
  6. Review the policy statements and locate the one granting admin access.
  7. Click the "Edit policy" button.
  8. Remove the admin access statement.
  9. Validate the remaining policy statements to ensure they align with GDPR requirements.
  10. Click "Review policy" to verify the changes.
  11. Save the modified policy.

Please note that modifying IAM policies must be done by users or roles with the necessary permissions to access and edit IAM policies.

By implementing this policy, you ensure that no user or role has admin access to GDPR-related resources and maintain compliance with the GDPR regulations.
