Best practices

Users with Inline or Directly Attached Policies Found

Description

IAM users are granted access to services, functions, and data through IAM policies. There are three ways to define policies for a user: 1) Edit the user policy directly, aka an inline, or user, policy; 2) attach a policy directly to a user; 3) add the user to an IAM group that has an attached policy.
  • Recommended Mitigation

    Users should have their permissions managed using IAM Groups only