AWS IAM Policy Blocklist Is Respected

This policy validates that no blocklisted IAM policies are assigned to any IAM entities. This can be used to blocklist certain AWS managed IAM policies (such as various administrator level policies) to ensure they are not in use in your account.

This policy requires configuration before it can be enabled.

Remediation

To remediate this, un-attach the blocklisted policy from any IAM entities it is attached to.

Reference

AWS Adding and Removing IAM Permissions documentation

PreviousAWS IAM Group Has Users NextAWS IAM Policy Does Not Grant Full Administrative Privileges

Last updated 3 years ago