IAM User Should Not Have Any Inline or Attached Policies Rule

This rule states that IAM users must not have any inline or attached policies assigned to them.

Rule: IAM user should not have any inline or attached policies
Framework: GxP 21 CFR Part 11
Severity: Low

Rule Description: IAM User should not have any inline or attached policies for GxP 21 CFR Part 11

Overview

This rule ensures that IAM users do not have any inline or attached policies related to GxP 21 CFR Part 11. GxP 21 CFR Part 11 is a regulatory standard in the pharmaceutical industry that outlines requirements for electronic records and signatures. By enforcing this rule, you can maintain compliance with regulatory standards and protect sensitive data.

Troubleshooting Steps:

  1. Identify the IAM user: Start by identifying the IAM user who has the inline or attached policies related to GxP 21 CFR Part 11.
  2. Review policy details: Examine the details of the policy to determine if it includes any permissions or actions that are not compliant with GxP 21 CFR Part 11.
  3. Check policy attachments: Verify if the policy is attached to any IAM group or role, as it may affect multiple IAM users.
  4. Review user activity: Investigate any recent user activity to ensure there are no violations of GxP 21 CFR Part 11.

Code:

There is no specific code required for this rule, as it relies on the management of IAM policies and user permissions. However, you can use AWS CLI commands to review and modify IAM policies if necessary.

List attached policies for an IAM user:

aws iam list-attached-user-policies --user-name <user-name>

List inline policies for an IAM user:

aws iam list-user-policies --user-name <user-name>

Remove an attached policy from an IAM user:

aws iam detach-user-policy --user-name <user-name> --policy-arn <policy-arn>

Delete an inline policy from an IAM user:

aws iam delete-user-policy --user-name <user-name> --policy-name <policy-name>

Remediation Steps:

  1. Identify the IAM user: Determine the IAM user who has the inline or attached policies for GxP 21 CFR Part 11.
  2. Remove attached policies: Use the appropriate AWS CLI command to detach any attached policies related to GxP 21 CFR Part 11.
  3. Delete inline policies: If the IAM user has any inline policies related to GxP 21 CFR Part 11, delete them using the AWS CLI command.
  4. Review and test: After removing the policies, review the IAM user's permissions to ensure compliance with GxP 21 CFR Part 11.
  5. Validate access: If necessary, test the IAM user's access to resources and actions to confirm that the removal of policies has not caused any disruptions.

Note: Ensure that any necessary policies and permissions are included based on the specific requirements of the user's role and responsibilities, excluding any non-compliant policies for GxP 21 CFR Part 11.
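
The identification and removal steps above can be run across a whole account at once. The following is an added example, not code from this page or from the vendor: it reads JSON shaped like the output of `aws iam get-account-authorization-details --filter User`, reports every user with inline or attached policies, and builds the matching detach and delete commands for review. The sample data and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample, shaped like the JSON printed by
# `aws iam get-account-authorization-details --filter User`.
SAMPLE = json.loads("""
{"UserDetailList": [
  {"UserName": "alice", "GroupList": ["qa-reviewers"],
   "UserPolicyList": [], "AttachedManagedPolicies": []},
  {"UserName": "bob", "GroupList": [],
   "UserPolicyList": [{"PolicyName": "legacy-s3-write", "PolicyDocument": {}}],
   "AttachedManagedPolicies": [
     {"PolicyName": "ReadOnlyAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
]}
""")


def find_violations(details):
    """Map each user that has direct policies to what was found on it."""
    found = {}
    for user in details.get("UserDetailList", []):
        inline = [p["PolicyName"] for p in user.get("UserPolicyList", [])]
        attached = [p["PolicyArn"] for p in user.get("AttachedManagedPolicies", [])]
        if inline or attached:
            found[user["UserName"]] = {
                "inline": inline,
                "attached": attached,
                # No groups means the user keeps no group-granted permissions
                # once the direct policies are removed.
                "groups": user.get("GroupList", []),
            }
    return found


def remediation_commands(violations):
    """Build the detach/delete commands from the page for each finding."""
    cmds = []
    for name, v in sorted(violations.items()):
        user = shlex.quote(name)
        for arn in v["attached"]:
            cmds.append(f"aws iam detach-user-policy --user-name {user} --policy-arn {shlex.quote(arn)}")
        for policy in v["inline"]:
            cmds.append(f"aws iam delete-user-policy --user-name {user} --policy-name {shlex.quote(policy)}")
    return cmds


if __name__ == "__main__":
    for line in remediation_commands(find_violations(SAMPLE)):
        print(line)
```

The commands are only printed, so they can be reviewed before anything is changed; a finding with an empty `groups` list marks a user who needs a group or role assignment before the direct policies are removed.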
