PlatformResourcesSign inSign Up

IAM Policies

Suggest Edits

How to Use this Page

This page lists the AWS IAM Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, press the link for more details about a policy and its fix options.

Ensure using AWS Account root user is avoided
Policy ID: BC_AWS_IAM_1

Ensure MFA is enabled for all IAM users with a console password
Policy ID: BC_AWS_IAM_2

Ensure credentials unused for 90 days or greater are disabled
Policy ID: BC_AWS_IAM_3

Ensure access keys are rotated every 90 days or less
Policy ID: BC_AWS_IAM_4

Ensure AWS IAM password policy has an uppercase character
Policy ID: BC_AWS_IAM_5

Ensure AWS IAM password policy has a lowercase character
Policy ID: BC_AWS_IAM_6

Ensure AWS IAM password policy has a symbol
Policy ID: BC_AWS_IAM_7

Ensure AWS IAM password policy has a number
Policy ID: BC_AWS_IAM_8

Ensure AWS IAM password policy has a minimum of 14 characters
Policy ID: BC_AWS_IAM_9

Ensure AWS IAM password policy does not allow password reuse
Policy ID: BC_AWS_IAM_10

Ensure AWS IAM password policy expires in 90 days or less
Policy ID: BC_AWS_IAM_11

Ensure no root account access key exists
Policy ID: BC_AWS_IAM_12

Ensure MFA is enabled for root account
Policy ID: BC_AWS_IAM_13

Ensure hardware MFA for root account is enabled
Policy ID: BC_AWS_IAM_14

Ensure security questions are registered in the AWS account
Policy ID: BC_AWS_IAM_15

Ensure IAM policies are only attached to Groups and Roles
Policy ID: BC_AWS_IAM_16

Ensure detailed billing is enabled
Policy ID: BC_AWS_IAM_17

Ensure AWS account contact details are up-to-date
Policy ID: BC_AWS_IAM_18

Ensure security contact information is registered
Policy ID: BC_AWS_IAM_19

Ensure IAM instance roles are used for AWS resource access from instances
Policy ID: BC_AWS_IAM_20

Ensure an IAM role has been created to manage incidents with AWS Support
Policy ID: BC_AWS_IAM_21

Ensure access keys are not created during initial user setup for IAM users with a console password
Policy ID: BC_AWS_IAM_22

Ensure IAM policies that allow full administrative privileges are not created
Policy ID: BC_AWS_IAM_23

Ensure access keys are rotated every 30 days or less
Policy ID: BC_AWS_IAM_24

Ensure access keys are rotated every 45 days or less
Policy ID: BC_AWS_IAM_25

Ensure active access keys are used every 90 days or less
Policy ID: BC_AWS_IAM_29

Ensure IAM users that are inactive for 30 days or more are deactivated
Policy ID: BC_AWS_IAM_30

Ensure unused IAM Users and Roles are removed
Policy ID: BC_AWS_IAM_34

Ensure user accounts unused for 90 days are removed
Policy ID: BC_AWS_IAM_35

Ensure user accounts with administrative privileges unused for 90 days are removed
Policy ID: BC_AWS_IAM_36

Ensure user accounts with administrative privileges unused for 90 days are removed
Policy ID: BC_AWS_IAM_37

Ensure empty IAM groups are removed
Policy ID: BC_AWS_IAM_38

Ensure unattached policies are removed
Policy ID: BC_AWS_IAM_39

Ensure unused policies are detached from users
Policy ID: BC_AWS_IAM_40

Ensure unused policies are detached from roles
Policy ID: BC_AWS_IAM_41

Ensure unused policies are detached from groups
Policy ID: BC_AWS_IAM_42

Ensure IAM policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_43

Ensure IAM role allows only specific services or principals to be assumed
Policy ID: BC_AWS_IAM_44

Ensure AWS IAM policy does not allow assume role permission across all services
Policy ID: BC_AWS_IAM_45

Ensure SQS policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_46

Ensure AWS IAM policy does not allow full administrative privileges
Policy ID: BC_AWS_IAM_47

Ensure IAM policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_48

Ensure excessive permissions are not granted for IAM users
Policy ID: BC_AWS_IAM_49

Ensure excessive permissions are not granted for IAM roles
Policy ID: BC_AWS_IAM_50

Ensure excessive permissions are not granted for IAM groups
Policy ID: BC_AWS_IAM_51

Ensure excessive permissions are not granted for IAM policy
Policy ID: BC_AWS_IAM_52

Ensure credentials unused for 180 days or greater are disabled
Policy ID: BC_AWS_IAM_53

Ensure IAM policies do not allow credentials exposure for ECR
Policy ID: BC_AWS_IAM_54

Ensure IAM policies do not allow data exfiltration
Policy ID: BC_AWS_IAM_55

Ensure IAM policies do not allow permissions management / resource exposure without constraint
Policy ID: BC_AWS_IAM_56

Ensure IAM policies does not allow write access without constraint
Policy ID: BC_AWS_IAM_57

Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled
Policy ID: BC_AWS_IAM_59

Ensure respective logs of Amazon RDS are enabled
Policy ID: BC_AWS_IAM_60

Ensure IAM groups include at least one IAM user
Policy ID: BC_AWS_IAM_61

Ensure all IAM users are members of at least one IAM group
Policy ID: BC_AWS_IAM_62

Ensure KMS key policy does not contain wildcard (*) principal
Policy ID: BC_AWS_IAM_63

Ensure IAM policies does not allow privilege escalation
Policy ID: BC_AWS_IAM_64

Ensure RDS database has IAM authentication enabled
Policy ID: BC_AWS_IAM_65

Ensure RDS cluster has IAM authentication enabled
Policy ID: BC_AWS_IAM_66

Ensure an IAM User does not have access to the console
Policy ID: BC_AWS_IAM_67

Ensure IAM configuration modifications are detected
Policy ID: BC_AWS_ALERT_5

Updated about 2 years ago