Best practices

Users with Inline or Directly Attached Policies Found

Platform(s)
Compliance Frameworks

AWS CIS, AWS Foundational Security Best Practices Controls, CSA CCM, NIST 800-53, Orca Best Practices

Description

IAM users are granted access to services, functions, and data through IAM policies. There are three ways to define policies for a user: 1) Edit the user policy directly, aka an inline, or user, policy; 2) attach a policy directly to a user; 3) add the user to an IAM group that has an attached policy.