Benchmark: 7. Validate IAM roles
Description
As you operate your AWS accounts to iterate and build capability, you may end up creating multiple IAM roles that you later discover you do not need.
Usage
Browse dashboards and select 7. Validate IAM roles:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_top_10.benchmark.account_security_validate_iam_roles
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_top_10.benchmark.account_security_validate_iam_roles
Controls
- Ensure that IAM Access analyzer is enabled for all regions
- IAM Access analyzer should be enabled without findings
- IAM roles should not have read only access for external AWS accounts
- IAM roles that have not been used in 60 days should be removed
- IAM role trust policies should prohibit public access