Ensure unattached policies are removed

Error: Unattached policies are not removed

Bridgecrew Policy ID: BC_AWS_IAM_39
Severity: LOW

Description

AWS IAM policies control access permissions for each IAM user, role and group created in your AWS account. An unattached policy is defined as a policy that does not have any principals attached to it.

We recommend that you track which policies are in use and which are not, to prevent accidental changes that may lead to future unauthorized access.

Fix - Runtime

CLI Command

To remove a policy, use the following command:

aws iam delete-policy --policy-arn <value>
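
The cleanup above, as an added example (not Bridgecrew's or AWS's own code): this Python script reads the JSON output of aws iam list-policies --scope Local, selects policies whose AttachmentCount and PermissionsBoundaryUsageCount are both zero, and builds the commands in the order IAM requires, since delete-policy is rejected while non-default versions of the policy remain. Treating a policy used as a permissions boundary as still in use is an assumption of this example; the account ID, policy names and sample JSON are constructed.

```python
import json

# Constructed sample of `aws iam list-policies --scope Local --output json`
# (account ID and policy names are made up).
LIST_POLICIES = json.loads("""
{"Policies": [
 {"PolicyName": "app-read", "Arn": "arn:aws:iam::123456789012:policy/app-read",
  "DefaultVersionId": "v1", "AttachmentCount": 2, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "old-deploy", "Arn": "arn:aws:iam::123456789012:policy/old-deploy",
  "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "dev-boundary", "Arn": "arn:aws:iam::123456789012:policy/dev-boundary",
  "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 4}
]}""")

# Constructed sample of `aws iam list-policy-versions --policy-arn <arn>` for old-deploy.
OLD_DEPLOY_VERSIONS = json.loads("""
{"Versions": [
 {"VersionId": "v3", "IsDefaultVersion": true},
 {"VersionId": "v2", "IsDefaultVersion": false},
 {"VersionId": "v1", "IsDefaultVersion": false}
]}""")


def unattached(list_policies):
    """Policies with no principal attached and not in use as a permissions boundary."""
    return [p for p in list_policies["Policies"]
            if p.get("AttachmentCount", 0) == 0
            and p.get("PermissionsBoundaryUsageCount", 0) == 0]


def deletion_plan(policy, list_policy_versions):
    """Commands in the order IAM requires: non-default versions first, then the policy."""
    arn = policy["Arn"]
    plan = [f"aws iam delete-policy-version --policy-arn {arn} --version-id {v['VersionId']}"
            for v in list_policy_versions["Versions"] if not v["IsDefaultVersion"]]
    plan.append(f"aws iam delete-policy --policy-arn {arn}")
    return plan


if __name__ == "__main__":
    for policy in unattached(LIST_POLICIES):
        # Print the plan for review rather than executing it.
        print("\n".join(deletion_plan(policy, OLD_DEPLOY_VERSIONS)))
```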
