More Info:

Check if custom role policies are present

Risk Level: Medium

Address: Security

Compliance Standards: CBP, SEBI

Triage and Remediation

Remediation

To remediate the "IAM Managed Policies Without Associated IAM Role" finding in AWS IAM using the AWS Management Console, follow these steps:

  1. Sign in to the AWS Management Console: Go to the AWS Management Console and sign in using your AWS account credentials.

  2. Navigate to the IAM Service: Click on the “Services” dropdown in the top left corner of the console, and then select “IAM” under the Security, Identity, & Compliance section.

  3. Identify Custom Role Policies: In the IAM console, click on the “Roles” option in the left-hand menu to view a list of IAM roles in your account.

  4. Select the Role: Identify the IAM role that has custom policies attached to it. Click on the name of the role to view its details.

  5. Remove Custom Policies: In the permissions tab of the IAM role details, you will see the list of policies attached to the role. Identify the custom policies that should not be present and click on the policy to select it.

  6. Detach the Policy: Click on the “Detach Policy” button to remove the custom policy from the IAM role. Confirm the action when prompted.

  7. Review and Save Changes: Review the updated permissions for the IAM role to ensure that only the necessary managed policies are attached. Click on the “Save Changes” button to apply the changes.

  8. Verify Remediation: Once the custom role policies have been removed, verify that the IAM role now only has the necessary managed policies attached to it.

By following these steps, you remediate the "IAM Managed Policies Without Associated IAM Role" finding in AWS IAM using the AWS Management Console.
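The same triage can be done from the CLI output instead of by eye in the console. The following is an added example, not part of the original page: it classifies a role's policies into AWS-managed, customer-managed and inline (step 5), emits the `aws iam` command that would remove each non-AWS-managed one (step 6), and lists customer-managed policies that are attached to nothing. The account ID, role name and policy names are constructed sample data shaped like the JSON from `aws iam list-attached-role-policies`, `aws iam list-role-policies` and `aws iam list-policies --scope Local`; no AWS calls are made.

```python
def policy_arn_account(arn: str) -> str:
    """Return the account segment of an IAM policy ARN ('aws' for AWS-managed).
    ARN layout: arn:partition:iam::account:policy/path/name"""
    parts = arn.split(":")
    if len(parts) != 6 or parts[2] != "iam" or not parts[5].startswith("policy/"):
        raise ValueError(f"not an IAM policy ARN: {arn}")
    return parts[4]


def custom_policies_on_role(role_name: str, attached: list, inline_names: list) -> list:
    """Policies on a role that are not AWS-managed, each with the CLI command that
    removes it: customer-managed policies are detached, inline policies are deleted."""
    findings = []
    for p in attached:
        if policy_arn_account(p["PolicyArn"]) != "aws":
            findings.append({"type": "customer-managed", "name": p["PolicyName"],
                             "command": f"aws iam detach-role-policy --role-name {role_name} "
                                        f"--policy-arn {p['PolicyArn']}"})
    for name in inline_names:
        findings.append({"type": "inline", "name": name,
                         "command": f"aws iam delete-role-policy --role-name {role_name} "
                                    f"--policy-name {name}"})
    return findings


def unattached_customer_policies(policies: list) -> list:
    """Customer-managed policies attached to no role, user or group (AttachmentCount 0)."""
    return [p["Arn"] for p in policies if p["AttachmentCount"] == 0]


# Constructed sample data: hypothetical account 123456789012, role and policy names.
ROLE = "app-server-role"
ATTACHED = [  # shape of list-attached-role-policies -> AttachedPolicies
    {"PolicyName": "AmazonS3ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"},
    {"PolicyName": "legacy-admin", "PolicyArn": "arn:aws:iam::123456789012:policy/legacy-admin"},
]
INLINE = ["allow-sqs-send"]  # shape of list-role-policies -> PolicyNames
LOCAL_POLICIES = [  # shape of list-policies --scope Local -> Policies
    {"PolicyName": "legacy-admin", "Arn": "arn:aws:iam::123456789012:policy/legacy-admin", "AttachmentCount": 1},
    {"PolicyName": "old-deploy", "Arn": "arn:aws:iam::123456789012:policy/old-deploy", "AttachmentCount": 0},
]

if __name__ == "__main__":
    for f in custom_policies_on_role(ROLE, ATTACHED, INLINE):
        print(f"{f['type']:16} {f['name']:20} -> {f['command']}")
    print("unattached customer-managed policies:", unattached_customer_policies(LOCAL_POLICIES))
```

Review the printed commands against the role's intended permissions before running any of them; the script only proposes the detach/delete, matching the manual confirmation in step 6.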