Ensure IAM configuration modifications are detected
Error: IAM configuration modifications are not detected
Bridgecrew Policy ID: BC_AWS_ALERT_5
IAM configuration modifications are not detected
AWS IAM lets users delegate broad or granular access rights with a few lines of policy JSON. Tracking IAM configuration changes ensures that these configurations are carefully inspected, and that manual or unexpected changes are logged, alerted on and tracked.
IAM API calls are recorded in CloudTrail with the event source iam.amazonaws.com; the eventName field of each record carries the API action (for example AttachUserPolicy), and the userIdentity, sourceIPAddress and requestParameters fields identify who changed what. A CloudWatch Logs metric filter on the CloudTrail log group can match these event names and drive an alarm. Note that the cloudtrail: prefix belongs to actions on the CloudTrail service itself, as used in the Action or NotAction element of an IAM policy statement; it is not part of the logged IAM events.
The IAM policy-modification API actions that should be tracked are:
- DetachGroupPolicy, AttachGroupPolicy, DeleteGroupPolicy, PutGroupPolicy
- DetachUserPolicy, AttachUserPolicy, DeleteUserPolicy, PutUserPolicy
- DetachRolePolicy, AttachRolePolicy, DeleteRolePolicy, PutRolePolicy
- CreatePolicyVersion, DeletePolicyVersion
- CreatePolicy, DeletePolicy
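Detection logic run over constructed CloudTrail records, as an added example that is not part of the Bridgecrew page or its product: it keeps the sixteen event names listed above in one set, emits the CloudWatch Logs metric filter pattern a CloudTrail log group alarm would use for them, and scans a sample log body. The sample records, account ID, user names and IP addresses are constructed for the demo; the event-source check is there because other AWS services (IoT, for example) also expose an API named CreatePolicy.

```python
"""Detect IAM policy-modification events in CloudTrail records.

Added example, not Bridgecrew's code: event names come from the page's list,
the CloudTrail records below are constructed for the demo.
"""
import json

# IAM API actions whose appearance in CloudTrail should raise an alert.
TRACKED_IAM_EVENTS = frozenset({
    "DetachGroupPolicy", "AttachGroupPolicy", "DeleteGroupPolicy", "PutGroupPolicy",
    "DetachUserPolicy", "AttachUserPolicy", "DeleteUserPolicy", "PutUserPolicy",
    "DetachRolePolicy", "AttachRolePolicy", "DeleteRolePolicy", "PutRolePolicy",
    "CreatePolicyVersion", "DeletePolicyVersion",
    "CreatePolicy", "DeletePolicy",
})

IAM_EVENT_SOURCE = "iam.amazonaws.com"


def metric_filter_pattern(events=TRACKED_IAM_EVENTS):
    """Build the CloudWatch Logs filter pattern that matches these events.

    Uses the `{ ($.eventName = X) || ... }` JSON filter syntax that CloudWatch
    Logs metric filters accept on a CloudTrail log group.
    """
    clauses = " || ".join(f"($.eventName = {name})" for name in sorted(events))
    return "{ " + clauses + " }"


def is_iam_policy_change(record):
    """True if one CloudTrail record is a tracked IAM policy action.

    The eventSource check matters: other services (IoT, Organizations) have an
    API named CreatePolicy too. Denied calls (errorCode present) are kept,
    because a failed attempt to change IAM is still worth seeing.
    """
    return (record.get("eventSource") == IAM_EVENT_SOURCE
            and record.get("eventName") in TRACKED_IAM_EVENTS)


def scan_cloudtrail(log_text):
    """Scan a CloudTrail log body ({"Records": [...]}) and return alert dicts
    for every matching record, in log order."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        if not is_iam_policy_change(rec):
            continue
        identity = rec.get("userIdentity", {})
        alerts.append({
            "time": rec.get("eventTime"),
            "action": rec["eventName"],
            "actor": identity.get("arn", identity.get("type", "unknown")),
            "source_ip": rec.get("sourceIPAddress"),
            "params": rec.get("requestParameters") or {},
            "failed": "errorCode" in rec,
        })
    return alerts


# Constructed sample log: three IAM policy events (one denied), an IoT
# CreatePolicy that shares the event name but not the source, and a GetUser.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:01:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-01-15T10:02:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "GetUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2024-01-15T10:03:11Z", "eventSource": "iot.amazonaws.com",
     "eventName": "CreatePolicy", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"policyName": "device-policy"}},
    {"eventTime": "2024-01-15T10:04:45Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreatePolicyVersion", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"policyArn": "arn:aws:iam::123456789012:policy/app",
                           "setAsDefault": True}},
    {"eventTime": "2024-01-15T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteRolePolicy", "sourceIPAddress": "203.0.113.5",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/mallory"},
     "requestParameters": {"roleName": "admin", "policyName": "inline-admin"}},
]})

if __name__ == "__main__":
    print("Metric filter pattern:\n ", metric_filter_pattern())
    for a in scan_cloudtrail(SAMPLE_LOG):
        flag = " (DENIED)" if a["failed"] else ""
        print(f"{a['time']} {a['action']}{flag} by {a['actor']} "
              f"from {a['source_ip']}: {a['params']}")
```

Running the script prints the filter pattern and three alerts: the AdministratorAccess attachment, the new default policy version, and the denied DeleteRolePolicy attempt; the IoT CreatePolicy and the read-only GetUser are ignored. The same pattern string can be pasted into a CloudWatch Logs metric filter on the CloudTrail log group, with an alarm on the resulting metric.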