Ensure all IAM users are members of at least one IAM group
Error: Not all IAM users are members of at least one IAM group
Bridgecrew Policy ID: BC_AWS_IAM_62
Checkov Check ID: CKV2_AWS_21
Severity: LOW
Not all IAM users are members of at least one IAM group
Description
It is generally a best practice to assign all IAM users to at least one IAM group. This can help to ensure that each user has the necessary permissions to perform their tasks and responsibilities.
By assigning users to groups, you can more easily manage the permissions for those users. For example, if you need to change the permissions for a group of users, you can simply update the group's policy rather than updating the policies for each individual user.
Fix - Buildtime
Terraform
- Resource: aws_iam_group_membership, aws_iam_group, aws_iam_user
- Argument: users and group of aws_iam_group_membership
resource "aws_iam_group_membership" "ok_group" {
name = "tf-testing-group-membership"
users = [
aws_iam_user.user_good.name,
]
group = aws_iam_group.group.name
}
resource "aws_iam_group" "group" {
name = "test-group"
}
resource "aws_iam_user" "user_good" {
name = "test-user"
}
Updated 3 months ago