How to resolve Sprinto check to ensure at least one IAM policy is created for a group

About:

Sprinto Check: AWS groups should have at least one IAM policy

This Sprinto check verifies that each AWS Identity and Access Management (IAM) group in your AWS environment has at least one IAM policy attached to it. IAM policies are essential for defining permissions and access controls for AWS resources.

Purpose:

The purpose of this check is to ensure that AWS groups are properly configured with the necessary permissions to perform their intended operations. Without any IAM policies attached, the members of an IAM group would not have any permissions granted, effectively rendering the group useless.

How to fix

Note: Mark the above Sprinto check as a "Special case" if your integrated AWS account has no groups or if you don't wish to attach the IAM policy to a group for any reason. Refer to marking Sprinto check as a special case for detailed steps.

Before you begin:

• Ensure you have administrator privilege on the AWS account to review the IAM policies.

Ensuring IAM policy:

1. Log in to the AWS Console using your credentials.

2. Navigate to the IAM service.

3. Click User Groups from the left-side navigation bar.

   
4. Select any user group from the list.

   
5. Select the Permissions tab and review if there are any IAM policies attached.

   
6. If there are no policies attached to any user group, you can attach a policy or delete the user group.

7. Repeat the above steps for all user groups from the AWS account.

Sprinto detects the configuration change and sets the check status to “Passing.”

Contact Sprinto support if you have any queries related to the check or need assistance.