> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/monitors/authentication-and-access-monitors/how-to-resolve-sprinto-check-to-ensure-at-least-one-iam-policy-is-created-for-a-group.md).

# How to resolve Sprinto check to ensure at least one IAM policy is created for a group

### About:

Sprinto Check: AWS groups should have at least one IAM policy

This Sprinto check verifies that each AWS Identity and Access Management (IAM) group in your AWS environment has at least one IAM policy attached to it. IAM policies are essential for defining permissions and access controls for AWS resources.

### Purpose:

The purpose of this check is to ensure that AWS groups are properly configured with the necessary permissions to perform their intended operations. Without any IAM policies attached, the members of an IAM group would not have any permissions granted, effectively rendering the group useless.

### How to fix

**Note: Mark the above Sprinto check as a "Special case" if your integrated AWS account has no groups or if you don't wish to attach the IAM policy to a group for any reason. Refer to** [**marking Sprinto check as a special case**](https://sprinto.freshdesk.com/en/support/solutions/articles/72000632095-how-to-mark-a-sprinto-check-as-a-special-case) **for detailed steps.**

#### Before you begin:

* Ensure you have administrator privilege on the AWS account to review the IAM policies.

#### Ensuring IAM policy:

1. Log in to the [AWS Console](https://aws.amazon.com/console/) using your credentials.
2. Navigate to the IAM service.
3. Click User Groups from the left-side navigation bar.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72099045749/original/0Z2R2Bf-zuBm1AaQc3A0zNvaszarJTSQZg.png?1716398728" alt=""><figcaption></figcaption></figure>
4. Select any user group from the list.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72099045746/original/EuRGJA10AxAunEYp5BvfXPv4dS7U7wrR8A.png?1716398727" alt="" width="563"><figcaption></figcaption></figure>
5. Select the Permissions tab and review if there are any IAM policies attached.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72099045748/original/yjOKMFp0AU0cHJUKvJPaD1F05Xvt-AyynQ.png?1716398727" alt="" width="563"><figcaption></figcaption></figure>
6. If there are no policies attached to any user group, you can attach a policy or delete the user group.
7. Repeat the above steps for all user groups from the AWS account.

Sprinto detects the configuration change and sets the check status to “Passing.”

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/monitors/authentication-and-access-monitors/how-to-resolve-sprinto-check-to-ensure-at-least-one-iam-policy-is-created-for-a-group.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.