AWS IAM Policy Blocklist Is Respected

Risk

Remediation Effort

Critical

Low

This policy validates that no blocklisted IAM policies are assigned to any IAM entities. This can be used to blocklist certain AWS managed IAM policies (such as various administrator level policies) to ensure they are not in use in your account.

This policy requires configuration before it can be enabled.

Remediation

To remediate this, un-attach the blocklisted policy from any IAM entities it is attached to.

Reference

Last updated