How to resolve aws config non-compliant rules

0

I tried to find problems in the AWS environment through AWS Config. The config pack I used is operational-best-practices-for-cis. Many other rules passed as compliant, but one rule, iamsupportpolicyinuse-conformance-pack, is displayed as out of compliance. Many attempts have been made to change the rule into compliance. The 'AWS support access' policy was added to the accounts, groups, and roles used in IAM and the rule was reevaluated, but it is marked as non-compliant. Is there any other solution? I will attach an image.

Non-compliance policy config rule pack name AWS support access policy added to IAM group I added the same policy again to other IAM accounts. Add AWS support access to role I only added it to roles I created. We added this policy to IAM accounts, groups, and roles.

asked 2 months ago, 189 views
1 Answer
2

I've tried it and figured out that attaching the IAM policy arn:aws:iam::aws:policy/AWSSupportAccess to an IAM user is not enough. I've attached it to one group and one IAM role, reevaluated the AWS Config rule, and it became Compliant.

EXPERT
answered 2 months ago
EXPERT
Artem
reviewed 2 months ago
  • Thank you for the answer. But I didn't understand it properly. Do I need to attach the arn:aws:iam::aws:policy/AWSSupportAccess policy to all user groups and roles in IAM? The way I did it: IAM policy - Check the AWSSupportAccess checkbox - Actions - Connect - Check everything that appears in the IAM entity - Attach policy. This will attach the AWSSupportAccess policy to all IAM roles and user groups. Of course, it is only added to the roles I created, not the roles created by AWS. If you then re-evaluate your AWS Config, it will be marked as non-compliant.

  • You don't need to add the AWSSupportAccess policy to ALL IAM users and groups. 1 user and 1 group is enough.
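
To see which entity types the policy is really attached to before re-evaluating the rule, the output of `aws iam list-entities-for-policy` can be summarised as below. This is an added example, not part of the original thread: the sample responses and entity names are constructed, and the `status` labels only mirror what the answer above reports, not AWS's own rule logic.

```python
# Managed policy ARN quoted in the answer above.
SUPPORT_POLICY_ARN = "arn:aws:iam::aws:policy/AWSSupportAccess"

# Response list key and name key for each entity type, as returned by
#   aws iam list-entities-for-policy --policy-arn <SUPPORT_POLICY_ARN>
KEYS = {
    "user": ("PolicyUsers", "UserName"),
    "group": ("PolicyGroups", "GroupName"),
    "role": ("PolicyRoles", "RoleName"),
}

# Constructed sample: two pages of paginated output. All names are made up.
SAMPLE_PAGES = [
    {"PolicyUsers": [{"UserName": "alice", "UserId": "AIDAEXAMPLE1"}],
     "PolicyGroups": [], "PolicyRoles": [],
     "IsTruncated": True, "Marker": "constructed-marker"},
    {"PolicyUsers": [],
     "PolicyGroups": [{"GroupName": "support-team", "GroupId": "AGPAEXAMPLE1"}],
     "PolicyRoles": [{"RoleName": "support-role", "RoleId": "AROAEXAMPLE1"}],
     "IsTruncated": False},
]


def attachments(pages):
    """Merge paginated responses into {entity_type: sorted list of names}."""
    found = {kind: set() for kind in KEYS}
    for page in pages:
        for kind, (list_key, name_key) in KEYS.items():
            for entity in page.get(list_key, []):
                found[kind].add(entity[name_key])
    return {kind: sorted(names) for kind, names in found.items()}


def status(pages):
    """Label the attachment pattern using the cases described in the thread."""
    present = {kind for kind, names in attachments(pages).items() if names}
    if not present:
        return "none"            # policy is attached nowhere
    if present == {"user"}:
        return "users-only"      # the answer reports this was not enough
    if {"group", "role"} <= present:
        return "group-and-role"  # the answer reports this became Compliant
    return "other"               # combination the thread does not settle


if __name__ == "__main__":
    print(SUPPORT_POLICY_ARN, attachments(SAMPLE_PAGES), status(SAMPLE_PAGES))
```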
