IAM misconfigurations

Unused IAM Role Can be Assumed by External Identity

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • cis_8
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • GDPR
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • mpa
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

Orca has found that the role {AwsIamRole}, which can be assumed by an AWS identity that is not part of the account, has not been used in the last 90 days. Removing orphaned and unused IAM roles eliminates the risk that a forgotten role will be used accidentally to allow unauthorized users to access AWS resources.
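As an added illustration (not Orca's own detection logic), the check below reproduces the two conditions of this finding over a role record shaped like the iam:GetRole response: the trust policy allows an AWS principal from outside the account, and RoleLastUsed is empty or older than 90 days. The account ids, role name and dates are constructed; handling of Service and Federated principals is an assumption and is left out.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Optional

UNUSED_DAYS = 90  # threshold used by this finding


def _account_of(principal: str) -> str:
    # Principals appear as a bare account id or as an ARN (account id is field 4).
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def external_principals(trust_policy: dict, account_id: str) -> list:
    """AWS principals in the trust policy that belong to another account ('*' counts).
    Service and Federated principals are not examined here (assumption)."""
    found = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anonymous trust: anyone may call sts:AssumeRole
            found.append("*")
            continue
        aws = principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            if p == "*" or _account_of(p) != account_id:
                found.append(p)
    return found


def is_unused(last_used: Optional[datetime], now: datetime) -> bool:
    """True when the role was never used or its last use is older than UNUSED_DAYS."""
    return last_used is None or (now - last_used) > timedelta(days=UNUSED_DAYS)


def evaluate_role(role: dict, account_id: str, now: datetime) -> dict:
    """Finding fires only when both conditions hold: external trust AND unused."""
    trust = role["AssumeRolePolicyDocument"]
    if isinstance(trust, str):  # GetRole may return the document URL-encoded/JSON
        trust = json.loads(trust)
    ext = external_principals(trust, account_id)
    unused = is_unused(role.get("RoleLastUsed", {}).get("LastUsedDate"), now)
    return {"RoleName": role["RoleName"], "external_principals": ext,
            "unused": unused, "finding": bool(ext) and unused}


# Constructed sample record (fake account ids), owned by account 111111111111.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_ROLE = {
    "RoleName": "legacy-partner-access",
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": "sts:AssumeRole"}]},
    "RoleLastUsed": {"LastUsedDate": NOW - timedelta(days=120)},
}
```

Run against real data by feeding each role from iam:GetRole into evaluate_role with your own account id; roles where "finding" is true are candidates for removal or for tightening the trust policy.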