IAM misconfigurations

IAM Group with Administrative Privileges

Risk Level

Hazardous (3)

Compliance Frameworks


Orca has detected that the group {AwsIamGroup} was granted full administrative privileges on the account. These privileges allow its members to perform all actions on any resource in the account.
  • Recommended Mitigation

    Prefer using more explicit policies that adhere to the principle of least privilege.

## Remediation

1. Sign in to the AWS Management Console and open the **[IAM console](https://console.aws.amazon.com/iam/)**.
2. In the navigation pane, choose **User groups**, and then select the relevant group.
3. In order to attach the group to a more explicit policy:
   a. Under **Permissions policies** in the **Permissions** tab, choose **Add permissions**.
   b. Choose **Attach policies**.
   c. Select the desired policy.
   d. Choose **Add permissions**.
4. In order to detach the group from the permissive policy:
   a. Under **Permissions policies** in the **Permissions** tab, select the permissive policy.
   b. Choose **Remove**.
   c. In the confirmation dialog box, choose **Delete**.
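
To confirm which of a group's policies is the permissive one, before and after remediation, the check can be approximated offline. The following is an added example (not Orca's detection logic and not code from this page) that flags policy documents containing an Allow statement for every action on every resource. The policy names and documents are constructed, and explicit Deny statements, `NotAction` and permissions boundaries are not evaluated.

```python
import json

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def grants_full_admin(policy_document):
    """True if any statement allows every action ("*") on every resource ("*")."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # A Condition limits when the grant applies, not its scope: still flagged.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            return True
    return False

def admin_policies(group_policies):
    """Names of the policies in {name: document} that grant full administrative access."""
    return sorted(name for name, doc in group_policies.items() if grants_full_admin(doc))

# Constructed sample: policy documents attached to a hypothetical group.
SAMPLE_GROUP_POLICIES = {
    "full-admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "admin-in-list": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "Action": ["s3:GetObject", "*"], "Resource": ["*"]}},
    "s3-read-only": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]},
    "all-actions-one-bucket": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "deny-all": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name in admin_policies(SAMPLE_GROUP_POLICIES):
        print(f"full administrative access: {name}")
```

Policies that scope either the action list or the resource list, such as the read-only and single-bucket samples, are not flagged; those are the kind of explicit policy to attach in step 3.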