How to resolve AWS Config non-compliant rules

0

I tried to find problems in the AWS environment through AWS Config. The config pack I used is operational-best-practices-for-cis. Many other rules passed as compliant, but one rule, iamsupportpolicyinuse-conformance-pack, is displayed as out of compliance. Many attempts have been made to change the rule into compliance. The 'aws support access' policy was added to the accounts, groups, and roles used in IAM and reevaluated, but it is marked as non-compliant. Is there any other solution? I will attach an image.

Non-compliance policy config rule pack name. AWS support access policy added to IAM group. I added the same policy again to other IAM accounts. Add AWS support access to role. I only added it to roles I created. We added this policy to IAM accounts, groups, and roles.

Asked 2 months ago · 189 views
1 Answer
2

I've tried it and figured out that attaching the IAM policy arn:aws:iam::aws:policy/AWSSupportAccess to an IAM user is not enough. I've attached it to one group and one IAM role, reevaluated the AWS Config rule, and it became Compliant.

Expert
Answered 2 months ago
Expert
Artem
Reviewed 2 months ago
  • Thank you for the answer, but I didn't understand it properly. Do I need to attach the arn:aws:iam::aws:policy/AWSSupportAccess policy to all user groups and roles in IAM? The way I did it: IAM policy - Check the AWSSupportAccess checkbox - Actions - Connect - Check everything that appears in the IAM entity - Attach policy. This will attach the AWSSupportAccess policy to all IAM roles and user groups. Of course, it is only added to the roles I created, not the roles created by AWS. If you then re-evaluate your AWS Config, it will be marked as non-compliant.

  • You don't need to add the AWSSupportAccess policy to ALL IAM users and groups. 1 user and 1 group is enough.
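Added example (not code from the answer or from AWS): before re-evaluating the rule, it helps to confirm what AWSSupportAccess is actually attached to, broken down by entity type. The sketch below reads a response in the shape of `aws iam list-entities-for-policy` and reports which of the `IAM_USER` / `IAM_GROUP` / `IAM_ROLE` usage types have an attachment. The sample responses and entity names are constructed, the helper names are hypothetical, and the usage type the conformance pack actually requires is not stated on this page, so it is left as a parameter.

```python
import json

SUPPORT_POLICY_ARN = "arn:aws:iam::aws:policy/AWSSupportAccess"

# Constructed samples in the shape returned by
# `aws iam list-entities-for-policy --policy-arn <arn>` (names are made up).
SAMPLE_USER_ONLY = json.loads(
    '{"PolicyGroups": [], "PolicyRoles": [],'
    ' "PolicyUsers": [{"UserName": "alice", "UserId": "AIDAEXAMPLE1"}]}'
)
SAMPLE_GROUP_AND_ROLE = json.loads(
    '{"PolicyUsers": [],'
    ' "PolicyGroups": [{"GroupName": "support-team", "GroupId": "AGPAEXAMPLE1"}],'
    ' "PolicyRoles": [{"RoleName": "support-role", "RoleId": "AROAEXAMPLE1"}]}'
)

# usage type -> (list key in the response, name key of each entry)
RESPONSE_KEYS = {
    "IAM_USER": ("PolicyUsers", "UserName"),
    "IAM_GROUP": ("PolicyGroups", "GroupName"),
    "IAM_ROLE": ("PolicyRoles", "RoleName"),
}

def attachments(response):
    """Return {usage_type: [entity names]} for one response."""
    return {usage: [entry[name_key] for entry in response.get(list_key, [])]
            for usage, (list_key, name_key) in RESPONSE_KEYS.items()}

def missing_types(response):
    """Usage types that have no entity with the policy attached."""
    return [usage for usage, names in attachments(response).items() if not names]

def satisfies(response, usage_type="ANY"):
    """True if the policy is attached to the given entity type (ANY = at least one)."""
    found = attachments(response)
    if usage_type == "ANY":
        return any(found.values())
    return bool(found[usage_type])

def fetch(policy_arn=SUPPORT_POLICY_ARN):
    """Live lookup; needs boto3, credentials and iam:ListEntitiesForPolicy."""
    import boto3  # imported here so the offline samples run without it
    merged = {"PolicyUsers": [], "PolicyGroups": [], "PolicyRoles": []}
    pages = boto3.client("iam").get_paginator("list_entities_for_policy")
    for page in pages.paginate(PolicyArn=policy_arn):
        for key in merged:
            merged[key].extend(page.get(key, []))
    return merged

if __name__ == "__main__":
    for label, resp in (("user only", SAMPLE_USER_ONLY),
                        ("group and role", SAMPLE_GROUP_AND_ROLE)):
        print(label, attachments(resp), "missing:", missing_types(resp))
```

Against a real account, pass `fetch()` to `missing_types` and compare the result with the usage type configured on the rule.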
