More Info:

IAM users should not have inline policies. Attach IAM policies to groups and roles rather than directly to individual users: an inline policy is embedded in a single principal, so it cannot be reused or versioned like a managed policy and is easy to overlook when auditing who has access to what.

Risk Level

Low

Address

Security

Compliance Standards

HIPAA, GDPR, CISAWS, CBP, NIST, SOC2, PCIDSS, HITRUST, NISTCSF

Triage and Remediation

Remediation

To remediate the misconfiguration “Users Should Not Have Inline Policies” in AWS using the AWS console, follow these steps:

  1. Log in to your AWS console.

  2. Navigate to the IAM (Identity and Access Management) service.

  3. Click on the “Users” tab on the left-hand side of the screen.

  4. Select the IAM user(s) with inline policies that you want to remediate.

  5. Click on the “Permissions” tab for the selected user(s).

  6. Scroll down to the “Inline Policies” section and click on the inline policy that you want to remove.

  7. Click on the “Delete” button to remove the inline policy.

  8. Repeat steps 6 and 7 for all inline policies associated with the user(s).

  9. Once all inline policies have been removed, click on the “Groups” tab for the selected user(s).

  10. Add the user(s) to a group that has the appropriate permissions.

  11. Click on the “Attach Policy” button to attach the necessary policies to the group.

  12. Review the user(s)' permissions and ensure that they have the appropriate access to resources.

  13. Save the changes.

By following these steps, you can remediate the “Users Should Not Have Inline Policies” misconfiguration in AWS using the AWS console.
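The console steps above are fine for a handful of users, but an account with many users needs the check and the fix scripted. The following is an added example, not code from the original article or its vendor. It follows the boto3 IAM client call and response shapes (list_users, list_user_policies, get_user_policy, add_user_to_group, delete_user_policy) and runs offline against a constructed FakeIAM stand-in; the user names, policy names, policy document and the "s3-readers" group are made up. Swapping `FakeIAM()` for `boto3.client("iam")` runs it against a real account. It mirrors the procedure's order (capture the inline document, put the user in a group, then delete the inline policy) so the user never loses access between step 7 and step 10, and it follows the IsTruncated/Marker pagination that a single list call would silently miss.

```python
"""Detect IAM users with inline policies and move them to group-managed permissions."""
from typing import Dict, List


def users_with_inline_policies(iam) -> Dict[str, List[str]]:
    """Return {user_name: [inline policy names]} for every user that has at least one.

    list_users pages with IsTruncated/Marker; users past the first page are only
    found if the marker is followed, so the loop does that explicitly.
    """
    findings: Dict[str, List[str]] = {}
    marker = None
    while True:
        kwargs = {"Marker": marker} if marker else {}
        page = iam.list_users(**kwargs)
        for user in page["Users"]:
            names = _inline_policy_names(iam, user["UserName"])
            if names:
                findings[user["UserName"]] = names
        if not page.get("IsTruncated"):
            return findings
        marker = page["Marker"]


def _inline_policy_names(iam, user_name: str) -> List[str]:
    """Follow list_user_policies pagination for one user."""
    names: List[str] = []
    marker = None
    while True:
        kwargs = {"UserName": user_name}
        if marker:
            kwargs["Marker"] = marker
        page = iam.list_user_policies(**kwargs)
        names.extend(page["PolicyNames"])
        if not page.get("IsTruncated"):
            return names
        marker = page["Marker"]


def remediate_user(iam, user_name: str, policy_names: List[str], group_name: str) -> Dict[str, dict]:
    """Move a user from inline policies to group membership without a permissions gap.

    Order matters: capture each inline document first (so the same grants can be
    rebuilt as a managed policy on the group), add the user to the group, and only
    then delete the inline policies. Returns the captured documents by policy name.
    """
    saved: Dict[str, dict] = {}
    for name in policy_names:
        saved[name] = iam.get_user_policy(UserName=user_name, PolicyName=name)["PolicyDocument"]
    iam.add_user_to_group(GroupName=group_name, UserName=user_name)
    for name in policy_names:
        iam.delete_user_policy(UserName=user_name, PolicyName=name)
    return saved


class FakeIAM:
    """Constructed stand-in for boto3's IAM client: two users split across two list pages."""

    def __init__(self):
        self.inline = {
            "alice": {"S3ReadOnlyInline": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}},
            "bob": {},
        }
        self.groups: Dict[str, List[str]] = {}
        self.calls: List[str] = []  # records the order of write calls

    def list_users(self, Marker=None):
        if Marker is None:  # first page is truncated so the pagination path is exercised
            return {"Users": [{"UserName": "alice"}], "IsTruncated": True, "Marker": "p2"}
        return {"Users": [{"UserName": "bob"}], "IsTruncated": False}

    def list_user_policies(self, UserName, Marker=None):
        return {"PolicyNames": list(self.inline[UserName]), "IsTruncated": False}

    def get_user_policy(self, UserName, PolicyName):
        return {"UserName": UserName, "PolicyName": PolicyName,
                "PolicyDocument": self.inline[UserName][PolicyName]}

    def add_user_to_group(self, GroupName, UserName):
        self.calls.append(f"add_user_to_group {UserName} -> {GroupName}")
        self.groups.setdefault(GroupName, []).append(UserName)

    def delete_user_policy(self, UserName, PolicyName):
        self.calls.append(f"delete_user_policy {UserName}/{PolicyName}")
        del self.inline[UserName][PolicyName]


if __name__ == "__main__":
    iam = FakeIAM()  # swap for boto3.client("iam") to run against an account
    for user, names in users_with_inline_policies(iam).items():
        docs = remediate_user(iam, user, names, group_name="s3-readers")
        print(user, "moved to group; captured inline documents:", list(docs))
```

Run the detection alone first and review the captured documents against what the target group already grants; the group policy attachment (step 11) is a separate decision that this script deliberately leaves to the operator.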

Additional Reading: