Too Many Users Access AWS Console Without SSO

Overview

All users should access AWS accounts through Single Sign-On (SSO). A small number of IAM users may have direct console access for break-glass and emergency purposes, such as the SSO portal being unavailable.

This check identifies accounts where more than the configured number of users (defaults to 2) access the account directly through IAM user credentials rather than through SSO.
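The check logic as an added example (not the check's own implementation): it reads the Input threshold defined below and counts IAM users whose credential report row shows a console password enabled. The credential report rows and the account ID are constructed sample data.

```python
import csv
import io
import json

# The check's Input block as shown on this page (configurable threshold).
CHECK_INPUT = json.loads(
    '{"allowedDirectAccessUsers":{"label":"Maximum direct console access users",'
    '"value":2,"type":"number"}}'
)

# Constructed sample of an IAM credential report, trimmed to the columns used here.
# Users with a console password have password_enabled "true"; the root entry is
# excluded by name, since it is not an IAM user.
SAMPLE_CREDENTIAL_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,no_information,true
breakglass-1,arn:aws:iam::111122223333:user/breakglass-1,2021-03-01T00:00:00+00:00,true,no_information,true
breakglass-2,arn:aws:iam::111122223333:user/breakglass-2,2021-03-01T00:00:00+00:00,true,no_information,true
alice,arn:aws:iam::111122223333:user/alice,2022-05-10T00:00:00+00:00,true,2024-01-15T09:12:00+00:00,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-06-01T00:00:00+00:00,false,N/A,false
"""


def direct_console_users(report_csv: str) -> list[str]:
    """Return IAM user names that can sign in to the console with a password."""
    reader = csv.DictReader(io.StringIO(report_csv))
    return [row["user"] for row in reader
            if row["user"] != "<root_account>" and row["password_enabled"] == "true"]


def evaluate(report_csv: str, check_input: dict = CHECK_INPUT) -> dict:
    """Apply the check: FAIL when direct console users exceed the allowed number."""
    allowed = int(check_input["allowedDirectAccessUsers"]["value"])
    users = direct_console_users(report_csv)
    return {
        "status": "FAIL" if len(users) > allowed else "PASS",
        "direct_console_users": users,
        "allowed": allowed,
    }


if __name__ == "__main__":
    # Three password-enabled users against a threshold of 2: the check fails.
    print(json.dumps(evaluate(SAMPLE_CREDENTIAL_REPORT), indent=2))
```

In a live account the same logic would run over the CSV returned by the IAM credential report, which is the standard source for whether an IAM user has a console password.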

Vendor

AWS

Cloud Service

IAM

Input

{"allowedDirectAccessUsers":{"label":"Maximum direct console access users","value":2,"type":"number"}}

CSMM v1 IAM-03.1

References

https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html

Severity

2

Item Types

Custom::AWS::IAM::Account