Writing Detections
Triaging Alerts
Alert Runbooks
Built-in Policies
AWS IAM Policy Blocklist Is Respected
Risk
Remediation Effort
Critical
Low
This policy validates that no blocklisted IAM policies are assigned to any IAM entities. This can be used to blocklist certain AWS managed IAM policies (such as various administrator level policies) to ensure they are not in use in your account.
This policy requires configuration before it can be enabled.
Remediation
To remediate this, un-attach the blocklisted policy from any IAM entities it is attached to.
Reference
Copy link