IAM users should not have the 'AdministratorAccess' policy attached

iam
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Confirm there are no Amazon IAM users (privileged users) with administrator permissions for your AWS account.

Rationale

A privileged IAM user can access all AWS services and control resources through the AdministratorAccess IAM managed policy. Any user with administrator access that should not have access can potentially, whether unknowingly or purposefully, cause security issues or data leaks.

Remediation

From the console

Follow the Removing a permissions policy from a user docs to revoke AdministratorAccess for a user.

From the command line

  1. Run list-users to get a list of current IAM users.

    aws iam list-users

  2. Run the list-user-policies command find the users attached policies.

     aws iam list-user-policies --user-name Name

  3. Run the detach-user-policy command to revoke Administrator access.

     aws iam detach-user-policy \
 --user-name insert-username-here \
 --policy-arn insert-policy-arn-here
PREVIEWING: dgreen15/github-error-fix