AWS IAM group not in use

Description

This check flags IAM groups that have no members. It is generally a best practice to include at least one IAM user in each IAM group: a group with no members grants its permissions to nobody and is just stale policy to audit, whereas a populated group ensures there is at least one user carrying the permissions associated with it, which is useful when you need to delegate particular tasks or responsibilities. Keeping users in groups also makes their permissions easier to manage: when the permissions for those users need to change, you update the group's policy once rather than updating the policy of each individual user.

Code Example

```hcl
# Compliant: every declared group has at least one member via aws_iam_group_membership.
resource "aws_iam_group_membership" "ok_group" {
  name = "tf-testing-group-membership"

  users = [
    aws_iam_user.user_one.name,
    aws_iam_user.user_two.name,
  ]

  group = aws_iam_group.group.name
}

resource "aws_iam_group" "group" {
  name = "test-group"
}

resource "aws_iam_user" "user_one" {
  name = "test-user"
}

resource "aws_iam_user" "user_two" {
  name = "test-user-two"
}
```

Remediation

Terraform

  • Resource: aws_iam_group_membership, aws_iam_group, aws_iam_user
  • Arguments: name and users of aws_iam_group_membership
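To show what this rule is evaluating, here is an added example (not Checkov's own implementation) that applies the same logic to the `planned_values` section of a `terraform show -json` plan, the input the TerraformPlan framework scans. The plan below is constructed from the compliant example above plus two non-compliant groups; it assumes the only membership resource in play is `aws_iam_group_membership`, as the remediation lists, and treats a membership with an empty `users` list as leaving the group unused.

```python
import json

# Constructed sample of the "planned_values" section of a `terraform show -json`
# plan, modelled on the compliant example above plus two groups that fail the check.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_iam_group.group", "type": "aws_iam_group", "name": "group",
         "values": {"name": "test-group"}},
        {"address": "aws_iam_group.orphan", "type": "aws_iam_group", "name": "orphan",
         "values": {"name": "orphan-group"}},
        {"address": "aws_iam_group.empty", "type": "aws_iam_group", "name": "empty",
         "values": {"name": "empty-group"}},
        {"address": "aws_iam_group_membership.ok_group", "type": "aws_iam_group_membership",
         "name": "ok_group",
         "values": {"name": "tf-testing-group-membership", "group": "test-group",
                    "users": ["test-user", "test-user-two"]}},
        {"address": "aws_iam_group_membership.empty", "type": "aws_iam_group_membership",
         "name": "empty",
         "values": {"name": "empty-membership", "group": "empty-group", "users": []}}
      ]
    }
  }
}
""")


def iter_resources(module):
    """Yield the resources of a plan module and, recursively, of its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def unused_iam_groups(plan):
    """Return the addresses of aws_iam_group resources that no membership populates.

    A group counts as used only if some aws_iam_group_membership names it in
    `group` and lists at least one user; an empty `users` list leaves it unused.
    """
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    used_names = set()
    for res in resources:
        if res["type"] == "aws_iam_group_membership" and res.get("values", {}).get("users"):
            used_names.add(res["values"].get("group"))
    return sorted(res["address"] for res in resources
                  if res["type"] == "aws_iam_group"
                  and res.get("values", {}).get("name") not in used_names)
```

Memberships declared through other resource types are not counted here, so treat this as an illustration of the rule's logic rather than a drop-in replacement for the Checkov check.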

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0452 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_14 |

References