
IAM Groups, Users, and Roles No Inline Policies Rule

This rule states that IAM groups, users, and roles should not have any inline policies.

Rule: IAM groups, users, and roles should not have any inline policies
Framework: RBI Cyber Security Framework
Severity: Low

Rule Description: IAM groups, users, and roles must carry no inline policies, as required for RBI Cyber Security Framework compliance.

Inline policies in IAM (Identity and Access Management) are policy documents embedded directly in a single IAM entity (a group, user, or role) within an AWS account. For RBI (Reserve Bank of India) Cyber Security Framework compliance, it is recommended that no inline policies be present.

Inline policies are not centrally managed and can lead to manual errors, inconsistent enforcement, and difficulty auditing and managing permissions. Avoiding them gives a clearer separation of duties, simplifies policy management, and supports compliance with the RBI Cyber Security Framework.

Troubleshooting Steps:

If any inline policies are found, follow these steps for remediation.

  1. Identify the affected entity: Determine whether the inline policy is attached to an IAM group, user, or role. This can be done by reviewing the AWS IAM console or using AWS CLI commands.

  2. Disable or remove the inline policy: Depending on the severity and necessity of the inline policy, you can choose either of the following options:

     • Disable: If the inline policy is necessary for the entity but violates RBI Cyber Security Framework compliance, you can disable the policy temporarily while pursuing an alternative solution.
     • Remove: If the inline policy is unnecessary or can be replaced with managed policies or permission boundaries, remove the policy entirely.

  3. Replace with managed policies: Managed policies, which can be attached directly to IAM entities, are recommended over inline policies. These policies can be versioned, centrally managed, and have better visibility and control.

  4. Review and test IAM entity permissions: After removing or disabling the inline policy, ensure that the respective IAM entity still has the necessary permissions to perform its intended functions. Review and adjust the attached managed policies or permission boundaries accordingly.

Necessary Codes:

There are no specific codes required for this rule. However, you can use the AWS CLI to identify and manage inline policies.

To list the inline policies attached to an IAM entity, use the AWS CLI command that matches the entity type (there is no single command covering all three types):

aws iam list-group-policies --group-name <group-name>
aws iam list-user-policies --user-name <user-name>
aws iam list-role-policies --role-name <role-name>

To remove an inline policy from an IAM entity, use the matching delete command:

aws iam delete-group-policy --group-name <group-name> --policy-name <policy-name>
aws iam delete-user-policy --user-name <user-name> --policy-name <policy-name>
aws iam delete-role-policy --role-name <role-name> --policy-name <policy-name>

Replace <group-name>, <user-name>, <role-name>, and <policy-name> with the appropriate values.
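The following is an added example, not code from the Cloud Defense page: a stdlib-only Python script that audits the JSON produced by a single `aws iam get-account-authorization-details` call for inline policies on groups, users, and roles, and prints the matching get-/delete- CLI commands for each finding. It generalizes the per-entity commands above to all three entity kinds in one pass. The `SAMPLE_SNAPSHOT`, its entity and policy names, and the helper names `find_inline_policies` and `remediation_commands` are this example's own constructed assumptions; the JSON keys (`UserDetailList`, `UserPolicyList`, and so on) follow the real output format of that command.

```python
"""Audit an IAM account snapshot for inline policies.

Reads the JSON produced by `aws iam get-account-authorization-details`
(pass the file path as the first argument) or, with no argument, the
constructed sample embedded below. Reports every group, user and role
that carries an inline policy and prints the AWS CLI commands that
inspect and remove it. Nothing is executed against AWS.
"""
import json
import sys

# For each entity kind: the JSON list that holds it, the key naming the
# entity, the key holding its inline policies, and the CLI flag used by
# the matching list-/get-/delete- commands.
ENTITY_KINDS = {
    "group": ("GroupDetailList", "GroupName", "GroupPolicyList", "group-name"),
    "user": ("UserDetailList", "UserName", "UserPolicyList", "user-name"),
    "role": ("RoleDetailList", "RoleName", "RolePolicyList", "role-name"),
}

# Constructed sample in the shape of get-account-authorization-details
# output (not real account data). Two entities carry inline policies.
SAMPLE_SNAPSHOT = {
    "UserDetailList": [
        {"UserName": "ops-user",
         "UserPolicyList": [
             {"PolicyName": "s3-read",
              "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                  {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}}],
         "AttachedManagedPolicies": []},
        {"UserName": "clean-user",
         "UserPolicyList": [],
         "AttachedManagedPolicies": [
             {"PolicyName": "ReadOnlyAccess",
              "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "developers", "GroupPolicyList": [], "AttachedManagedPolicies": []},
    ],
    "RoleDetailList": [
        {"RoleName": "lambda-exec",
         "RolePolicyList": [
             {"PolicyName": "logs-write",
              "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                  {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"}]}},
             {"PolicyName": "dynamodb-read",
              "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                  {"Effect": "Allow", "Action": "dynamodb:GetItem", "Resource": "*"}]}}],
         "AttachedManagedPolicies": []},
    ],
}


def find_inline_policies(snapshot):
    """Return (kind, entity_name, policy_name) for every inline policy found."""
    findings = []
    for kind, (list_key, name_key, policy_key, _) in ENTITY_KINDS.items():
        for entity in snapshot.get(list_key, []):
            for policy in entity.get(policy_key, []):
                findings.append((kind, entity[name_key], policy["PolicyName"]))
    return findings


def remediation_commands(findings):
    """Build the aws CLI delete command for each finding (not executed here)."""
    cmds = []
    for kind, name, policy_name in findings:
        flag = ENTITY_KINDS[kind][3]
        cmds.append(f"aws iam delete-{kind}-policy --{flag} {name} --policy-name {policy_name}")
    return cmds


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            snapshot = json.load(fh)
    else:
        snapshot = SAMPLE_SNAPSHOT
    findings = find_inline_policies(snapshot)
    if not findings:
        print("PASS: no inline policies on any group, user, or role")
        return 0
    print(f"FAIL: {len(findings)} inline policy attachment(s) found")
    for (kind, name, policy_name), cmd in zip(findings, remediation_commands(findings)):
        flag = ENTITY_KINDS[kind][3]
        print(f"  {kind} {name}: inline policy {policy_name!r}")
        print(f"    review with: aws iam get-{kind}-policy --{flag} {name} --policy-name {policy_name}")
        print(f"    remove with: {cmd}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample audit, or run `aws iam get-account-authorization-details --output json > details.json` with read-only credentials and pass the file path to audit a real account. The exit code is non-zero on any finding, so the script can sit in a scheduled compliance job; the delete commands are only printed, so each can be reviewed (and the policy document captured with the get- command) before anything is removed.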

Step-by-step Guide for Remediation:

  1. Identify the IAM group, user, or role that has inline policies violating RBI Cyber Security Framework compliance.

  2. Determine the appropriate action based on the severity and necessity of the inline policy:

     • If the policy is necessary but non-compliant, explore alternatives such as managed policies or permission boundaries.
     • If the policy is unnecessary, remove it entirely.

  3. Disable or remove the inline policy as per the previously identified action:

     • To temporarily disable the policy, go to the IAM console, find the entity, and click on the "Permissions" tab. Locate the inline policy and disable it.
     • To remove the policy, use the AWS CLI command mentioned earlier.

  4. Replace the inline policy with managed policies:

     • Access the IAM console.
     • Find the respective IAM entity (group, user, or role) and navigate to the "Permissions" tab.
     • Click on "Attach policies" and search for the relevant managed policies.
     • Select the appropriate managed policies and attach them to the entity.

  5. Test the permissions:

     • Ensure that the IAM entity can still perform its intended functions without the inline policy.
     • If necessary, adjust the attached managed policies or permission boundaries to provide the required permissions.

By following these steps, you can keep IAM groups, users, and roles free of inline policies and maintain compliance with the RBI Cyber Security Framework.
