IAM Policies
How to Use this Page
This page lists the AWS IAM policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.
Ensure using AWS Account root user is avoided
Policy ID: BC_AWS_IAM_1
Ensure MFA is enabled for all IAM users with a console password
Policy ID: BC_AWS_IAM_2
Ensure credentials unused for 90 days or greater are disabled
Policy ID: BC_AWS_IAM_3
Ensure access keys are rotated every 90 days or less
Policy ID: BC_AWS_IAM_4
Ensure AWS IAM password policy has an uppercase character
Policy ID: BC_AWS_IAM_5
Ensure AWS IAM password policy has a lowercase character
Policy ID: BC_AWS_IAM_6
Ensure AWS IAM password policy has a symbol
Policy ID: BC_AWS_IAM_7
Ensure AWS IAM password policy has a number
Policy ID: BC_AWS_IAM_8
Ensure AWS IAM password policy has a minimum of 14 characters
Policy ID: BC_AWS_IAM_9
Ensure AWS IAM password policy does not allow password reuse
Policy ID: BC_AWS_IAM_10
Ensure AWS IAM password policy expires in 90 days or less
Policy ID: BC_AWS_IAM_11
Ensure no root account access key exists
Policy ID: BC_AWS_IAM_12
Ensure MFA is enabled for root account
Policy ID: BC_AWS_IAM_13
Ensure hardware MFA for root account is enabled
Policy ID: BC_AWS_IAM_14
Ensure security questions are registered in the AWS account
Policy ID: BC_AWS_IAM_15
Ensure IAM policies are only attached to Groups and Roles
Policy ID: BC_AWS_IAM_16
Ensure detailed billing is enabled
Policy ID: BC_AWS_IAM_17
Ensure AWS account contact details are up-to-date
Policy ID: BC_AWS_IAM_18
Ensure security contact information is registered
Policy ID: BC_AWS_IAM_19
Ensure IAM instance roles are used for AWS resource access from instances
Policy ID: BC_AWS_IAM_20
Ensure an IAM role has been created to manage incidents with AWS Support
Policy ID: BC_AWS_IAM_21
Ensure access keys are not created during initial user setup for IAM users with a console password
Policy ID: BC_AWS_IAM_22
Ensure IAM policies that allow full administrative privileges are not created
Policy ID: BC_AWS_IAM_23
Ensure access keys are rotated every 30 days or less
Policy ID: BC_AWS_IAM_24
Ensure access keys are rotated every 45 days or less
Policy ID: BC_AWS_IAM_25
Ensure active access keys are used every 90 days or less
Policy ID: BC_AWS_IAM_29
Ensure IAM users that are inactive for 30 days or more are deactivated
Policy ID: BC_AWS_IAM_30
Ensure unused IAM Users and Roles are removed
Policy ID: BC_AWS_IAM_34
Ensure user accounts unused for 90 days are removed
Policy ID: BC_AWS_IAM_35
Ensure user accounts with administrative privileges unused for 90 days are removed
Policy ID: BC_AWS_IAM_36
Ensure user accounts with administrative privileges unused for 90 days are removed
Policy ID: BC_AWS_IAM_37
Ensure empty IAM groups are removed
Policy ID: BC_AWS_IAM_38
Ensure unattached policies are removed
Policy ID: BC_AWS_IAM_39
Ensure unused policies are detached from users
Policy ID: BC_AWS_IAM_40
Ensure unused policies are detached from roles
Policy ID: BC_AWS_IAM_41
Ensure unused policies are detached from groups
Policy ID: BC_AWS_IAM_42
Ensure IAM policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_43
Ensure IAM role allows only specific services or principals to be assumed
Policy ID: BC_AWS_IAM_44
Ensure AWS IAM policy does not allow assume role permission across all services
Policy ID: BC_AWS_IAM_45
Ensure SQS policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_46
Ensure AWS IAM policy does not allow full administrative privileges
Policy ID: BC_AWS_IAM_47
Ensure IAM policy documents do not allow * (asterisk) as a statement's action
Policy ID: BC_AWS_IAM_48
Ensure excessive permissions are not granted for IAM users
Policy ID: BC_AWS_IAM_49
Ensure excessive permissions are not granted for IAM roles
Policy ID: BC_AWS_IAM_50
Ensure excessive permissions are not granted for IAM groups
Policy ID: BC_AWS_IAM_51
Ensure excessive permissions are not granted for IAM policy
Policy ID: BC_AWS_IAM_52
Ensure credentials unused for 180 days or greater are disabled
Policy ID: BC_AWS_IAM_53
Ensure IAM policies do not allow credentials exposure for ECR
Policy ID: BC_AWS_IAM_54
Ensure IAM policies do not allow data exfiltration
Policy ID: BC_AWS_IAM_55
Ensure IAM policies do not allow permissions management / resource exposure without constraint
Policy ID: BC_AWS_IAM_56
Ensure IAM policies does not allow write access without constraint
Policy ID: BC_AWS_IAM_57
Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled
Policy ID: BC_AWS_IAM_59
Ensure respective logs of Amazon RDS are enabled
Policy ID: BC_AWS_IAM_60
Ensure IAM groups include at least one IAM user
Policy ID: BC_AWS_IAM_61
Ensure all IAM users are members of at least one IAM group
Policy ID: BC_AWS_IAM_62
Ensure KMS key policy does not contain wildcard (*) principal
Policy ID: BC_AWS_IAM_63
Ensure IAM policies does not allow privilege escalation
Policy ID: BC_AWS_IAM_64
Ensure RDS database has IAM authentication enabled
Policy ID: BC_AWS_IAM_65
Ensure RDS cluster has IAM authentication enabled
Policy ID: BC_AWS_IAM_66
Ensure an IAM User does not have access to the console
Policy ID: BC_AWS_IAM_67
Ensure IAM configuration modifications are detected
Policy ID: BC_AWS_ALERT_5