IAM Policy Should Not Have Statements with Admin Access

This rule details that an IAM policy should not include statements granting admin access.

Rule: IAM policy should not have statements with admin access
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

The IAM policy should not include statements granting admin access, as required by NIST 800-53 Revision 5. Admin access refers to the highest level of privileges that can be granted in an AWS account, allowing complete control over all resources and services. This rule is enforced to adhere to security best practices and to prevent unauthorized access to, or misuse of, sensitive data.

Troubleshooting Steps:

If you encounter any issues related to IAM policies with admin access, follow these troubleshooting steps:

  1. Identify the affected IAM policy: Review the IAM policies associated with the user, group, or role that is experiencing the issue.
  2. Verify NIST 800-53 compliance: Check if the policy statement grants admin access or privileges that violate the NIST 800-53 Revision 5 guidelines.
  3. Review policy statements: Analyze each statement within the policy to identify the one granting admin access. Pay attention to the "Effect", "Action", "Resource", and "Condition" fields.
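The statement review in step 3 can be automated for a policy document downloaded from IAM. The following is an added example, not code from the original page or from Cloud Defense: it flags every Allow statement whose Action is the full wildcard and whose Resource is "*", and produces a copy of the policy with those statements removed; the sample policy is constructed for the example.

```python
import copy
import json

# Constructed sample policy (not from the original page): the first statement
# is scoped, the second grants full admin access.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AdminAccess", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _load(policy_document):
    """Accept a JSON string or an already-parsed dict (copied, never mutated)."""
    if isinstance(policy_document, str):
        return json.loads(policy_document)
    return copy.deepcopy(policy_document)


def admin_statements(policy_document):
    """Return (index, Sid) for every Allow statement whose Action covers all
    services ("*" or "*:*") and whose Resource is "*". A Condition does not
    exempt a statement: a conditioned full-admin grant still fails the rule."""
    findings = []
    for index, stmt in enumerate(_as_list(_load(policy_document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        all_actions = any(a.strip() in ("*", "*:*") for a in _as_list(stmt.get("Action")))
        all_resources = any(r.strip() == "*" for r in _as_list(stmt.get("Resource")))
        if all_actions and all_resources:
            findings.append((index, stmt.get("Sid")))
    return findings


def remove_admin_statements(policy_document):
    """Return a copy of the policy with the flagged statements dropped, to be
    reviewed and then written out as policy.json for put-user-policy."""
    policy = _load(policy_document)
    flagged = {index for index, _ in admin_statements(policy)}
    policy["Statement"] = [s for i, s in enumerate(_as_list(policy.get("Statement")))
                           if i not in flagged]
    return policy
```

Service-level wildcards such as "iam:*" on Resource "*" are not flagged by this narrow check and still deserve manual review, since they can be escalated to full admin access.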

Remediation:

To remediate the IAM policy that violates the rule, follow the step-by-step guide below:

  1. Open the AWS Management Console and navigate to the IAM service.
  2. Identify the user, group, or role associated with the policy that needs to be modified.
  3. Select the corresponding entity and click the "Permissions" tab.
  4. Under the "Inline Policies" or "Managed Policies" section, locate the policy that violates the rule.
  5. Click on the policy name to open the policy editor.
  6. Identify the statement granting admin access within the policy.
  7. Modify the policy by removing or updating the statement so that it grants only the necessary permissions, according to the principle of least privilege.
  8. Click "Review Policy" to validate the changes made.
  9. If there are no validation errors, click "Save Changes" to apply the updated policy.

Relevant Code:

If you prefer to use the AWS CLI or an AWS SDK for automation, here is an example command that updates an inline IAM user policy:

aws iam put-user-policy --user-name <USER_NAME> --policy-name <POLICY_NAME> --policy-document file://policy.json

Ensure that you replace <USER_NAME> with the actual IAM user name and <POLICY_NAME> with the name of the policy you want to update. Also, modify the policy.json file to reflect the desired policy document without any admin access statements.

Conclusion:

By following the troubleshooting steps and performing the recommended remediation actions, you can ensure that the IAM policy adheres to the security requirements defined by NIST 800-53 Revision 5. Regularly reviewing and updating policies helps maintain proper access controls and minimizes the risk of unauthorized privilege escalation within your AWS environment.
