This rule ensures that IAM users are assigned to at least one group for proper access control.
Rule | IAM users should be in at least one group
Framework | NIST 800-171 Revision 2
Severity | High
IAM Rule: Users should be in at least one group for NIST 800-171 Revision 2
Description
NIST 800-171 Revision 2's access control requirements (3.1.1, limit system access to authorized users, and 3.1.2, limit access to the transactions and functions those users are permitted to execute) are easiest to meet and to audit when permissions are attached to IAM groups rather than to individual users. This rule checks that every IAM user in the AWS account belongs to at least one group. When access is granted through groups, a user's effective permissions can be read off their group memberships, a change to one group policy applies consistently to everyone in that role, and a user who leaves a role loses access by being removed from the group. A user outside every group either has no permissions at all or, more commonly, carries policies attached directly to the user, which are easy to overlook in reviews and drift from the intended access model. Note that membership alone is not sufficient: a user in an over-privileged group, or one that also has directly attached policies, still needs review.
Troubleshooting Steps
A user with no group membership returns an empty Groups list from `aws iam list-groups-for-user --user-name <name>`. If any IAM user is in this state, follow these troubleshooting steps to remediate the issue:
Necessary Codes
No code or policy document has to be written for this rule; it is a configuration check on user-to-group membership. The AWS CLI is enough to detect and fix it: `aws iam list-users` enumerates users, `aws iam list-groups-for-user` shows each user's groups, and `aws iam add-user-to-group` assigns a user to a group.
Step-by-Step Guide for Remediation
Follow the steps below to ensure that all IAM users are assigned to at least one group:
Assign each user only to groups whose policies match the access that user actually needs, and move any policies attached directly to the user (visible with `aws iam list-attached-user-policies` and `aws iam list-user-policies`) into a group so that the group is the single place where that access is defined. It is essential to regularly review and update group memberships as user permissions or access requirements change over time.
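The following script, added here as an example and not part of the original rule documentation, evaluates the rule over the JSON documents that `aws iam list-users` and `aws iam list-groups-for-user` print, and generates the `aws iam add-user-to-group` command for each failing user. The user names, account id and group names in the embedded sample are constructed; the function names are the example's own. It fails closed: a user whose group listing is missing is reported as an alarm rather than skipped.

```python
import json
import shlex
from typing import Dict, List, Mapping

# Constructed sample in the shape `aws iam list-users` prints (only the fields
# this check needs). The account id, user names and user ids are made up.
SAMPLE_USERS_JSON = """
{
  "Users": [
    {"UserName": "alice",      "UserId": "AIDAEXAMPLE00000001", "Arn": "arn:aws:iam::123456789012:user/alice"},
    {"UserName": "bob",        "UserId": "AIDAEXAMPLE00000002", "Arn": "arn:aws:iam::123456789012:user/bob"},
    {"UserName": "svc-deploy", "UserId": "AIDAEXAMPLE00000003", "Arn": "arn:aws:iam::123456789012:user/svc-deploy"}
  ]
}
"""

# Constructed sample of `aws iam list-groups-for-user --user-name <name>`
# output, one document per user. "svc-deploy" has no entry at all, standing in
# for a user whose group listing was never collected (for example, the call
# failed during a scan).
SAMPLE_GROUPS_FOR_USER: Mapping[str, str] = {
    "alice": '{"Groups": [{"GroupName": "Developers", "Arn": "arn:aws:iam::123456789012:group/Developers"}]}',
    "bob":   '{"Groups": []}',
}


def users_from_list_users(users_json: str) -> List[str]:
    """Extract user names from a `list-users` document."""
    return [u["UserName"] for u in json.loads(users_json)["Users"]]


def groups_from_list_groups(groups_json: str) -> List[str]:
    """Extract group names from a `list-groups-for-user` document."""
    return [g["GroupName"] for g in json.loads(groups_json)["Groups"]]


def run_check(users_json: str, groups_by_user: Mapping[str, str]) -> Dict[str, str]:
    """Evaluate the rule: every user must belong to at least one group.

    Returns {user_name: "ok" | "alarm"}. A user with no group document is
    reported as "alarm" rather than skipped, so a partial collection cannot
    hide a finding.
    """
    results: Dict[str, str] = {}
    for name in users_from_list_users(users_json):
        doc = groups_by_user.get(name)
        if doc is None or not groups_from_list_groups(doc):
            results[name] = "alarm"
        else:
            results[name] = "ok"
    return results


def remediation_commands(results: Mapping[str, str], group_name: str) -> List[str]:
    """Build the `aws iam add-user-to-group` command for each alarmed user.

    `group_name` is the group the operator has chosen for these users; the
    example does not pick one, because the right group depends on the
    permissions each user actually needs.
    """
    return [
        f"aws iam add-user-to-group --group-name {shlex.quote(group_name)} "
        f"--user-name {shlex.quote(name)}"
        for name, status in sorted(results.items())
        if status == "alarm"
    ]


if __name__ == "__main__":
    findings = run_check(SAMPLE_USERS_JSON, SAMPLE_GROUPS_FOR_USER)
    for user, status in sorted(findings.items()):
        print(f"{status:5s} {user}")
    for cmd in remediation_commands(findings, "ReadOnlyUsers"):
        print(cmd)
```

In a real account, feed `run_check` the output of `aws iam list-users` (which paginates, so collect every page) and one `aws iam list-groups-for-user` document per user. Review the generated commands before running them; adding every failing user to the same group is only correct if that group's policies are the access each of those users should have.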