Access is not controlled through Single Sign-On (SSO)
Description
This policy is designed to ensure that access to AWS resources is managed through Single Sign-On (SSO) instead of directly created AWS IAM users. Relying on IAM users for identity management can lead to risks such as weak password policies or inadequate re-certification, which can expose your AWS environment to security breaches. By contrast, managing access through SSO allows security policies to be applied consistently across all users and reduces the chance of unauthorized access.
Remediation
Terraform
- Resource: aws_iam_user
[source,hcl]
----
# Flagged by this policy: a directly created IAM user
resource "aws_iam_user" "bad" {
  name = "example"
  path = "/system/"

  tags = {
    tag-key = "tag-value"
  }
}
----
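As an added example (not part of the original policy page), the flagged IAM user is replaced by an IAM Identity Center (AWS SSO) permission set assigned to an existing Identity Store group, so users sign in through SSO rather than through their own IAM credentials. The group name "Operators", the target account id and the ReadOnlyAccess managed policy are assumed placeholders.

```hcl
# Added example, not from the original page: SSO-based access that replaces
# the aws_iam_user resource above. Group name, account id and the attached
# managed policy are placeholders for illustration.

# The IAM Identity Center instance already provisioned in the organization.
data "aws_ssoadmin_instances" "this" {}

locals {
  sso_instance_arn  = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# Look up the Identity Store group that stands in for individual IAM users.
data "aws_identitystore_group" "operators" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "Operators" # placeholder group name
    }
  }
}

# Permission set: what the group may do, with a bounded session instead of
# long-lived IAM access keys.
resource "aws_ssoadmin_permission_set" "operators" {
  name             = "Operators"
  instance_arn     = local.sso_instance_arn
  session_duration = "PT4H" # ISO 8601 duration
}

resource "aws_ssoadmin_managed_policy_attachment" "operators" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.operators.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess" # placeholder policy
}

# Assign the permission set to the group in the target account. Joining or
# leaving the group in the identity provider grants or revokes access, so no
# per-user IAM principal is needed.
resource "aws_ssoadmin_account_assignment" "operators" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.operators.arn
  principal_id       = data.aws_identitystore_group.operators.group_id
  principal_type     = "GROUP"
  target_id          = "111122223333" # placeholder AWS account id
  target_type        = "AWS_ACCOUNT"
}
```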
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0321 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_273 |