Ensure empty IAM groups are removed

Error: Empty IAM groups are not removed

Bridgecrew Policy ID: BC_AWS_IAM_38
Severity: LOW

Description

AWS IAM groups are collections of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions across users. Any user in a group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to the relevant group.

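We recommend that you track which groups are in use and which are not, and remove groups that have no members. An empty group keeps the permissions assigned to it, so any user added to it later, even by accident, inherits those permissions automatically, which may lead to future unauthorized access.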

Fix - Runtime

CLI Command

To remove an IAM group, use the following command:

aws iam delete-group --group-name <value>
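
The delete-group call is rejected while the group still has managed or inline policies attached, so a cleanup has to remove those first. The following is an added example, not part of the original page or Bridgecrew's tooling: it finds groups with no users and removes them, and it assumes the AWS CLI is configured with IAM read and write permissions (the function names and the DRY_RUN variable are this example's own).

```shell
#!/bin/sh
# Added example (not Bridgecrew's code): find and remove empty IAM groups.
# DRY_RUN=1 (the default) only prints the changes; set DRY_RUN=0 to apply.

# Execute a state-changing command, or just print it in dry-run mode.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "would run: $*"
  else
    "$@"
  fi
}

# Print the name of every IAM group that has no users.
list_empty_groups() {
  local g n
  for g in $(aws iam list-groups --query 'Groups[].GroupName' --output text); do
    n=$(aws iam get-group --group-name "$g" --query 'length(Users)' --output text)
    if [ "$n" = "0" ]; then
      echo "$g"
    fi
  done
}

# Detach managed policies and delete inline policies, then delete the group.
remove_group() {
  local g arn p
  g=$1
  for arn in $(aws iam list-attached-group-policies --group-name "$g" \
      --query 'AttachedPolicies[].PolicyArn' --output text); do
    run aws iam detach-group-policy --group-name "$g" --policy-arn "$arn"
  done
  for p in $(aws iam list-group-policies --group-name "$g" \
      --query 'PolicyNames[]' --output text); do
    run aws iam delete-group-policy --group-name "$g" --policy-name "$p"
  done
  run aws iam delete-group --group-name "$g"
}

# Entry point: review the dry-run output before re-running with DRY_RUN=0.
remove_empty_groups() {
  local g
  for g in $(list_empty_groups); do
    remove_group "$g"
  done
}
```

Source the file and call remove_empty_groups; nothing is changed until DRY_RUN=0 is set.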