Change to Policies for IAM Group

Overview

This detector will create an issue when there is a change to the inline policy, or to the list of managed policies that apply to an IAM group. Changes to the content of managed policies are not monitored by this detector.

A change could consist of one or more of the following CloudTrail events:

Issues are automatically resolved after a configurable duration, so that later changes to this group's policy configuration create new issues periodically rather than being folded into one long-lived issue.

If unexpected, such a change can be an indicator of privilege escalation in your environment. Group policies can explicitly deny or allow access, so you should pay close attention to any change to them.
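As an added illustration, not the vendor's own detector code, here is a small Python model of the behaviour described above, run over constructed CloudTrail records: it opens one issue per group for inline-policy and managed-policy-attachment events, ignores policy-content edits, and expires issues after a configurable window so a later change opens a new one. The event names in GROUP_POLICY_EVENTS and the 24-hour default window are assumptions.

```python
from datetime import datetime, timedelta

# Assumed (the page does not list them): IAM API calls, as recorded by CloudTrail,
# that change a group's inline policy or its list of attached managed policies.
GROUP_POLICY_EVENTS = {
    "PutGroupPolicy", "DeleteGroupPolicy",     # inline policy on the group
    "AttachGroupPolicy", "DetachGroupPolicy",  # managed policy attachments
}

class GroupPolicyChangeDetector:
    def __init__(self, resolve_after=timedelta(hours=24)):
        self.resolve_after = resolve_after  # configurable auto-resolve duration
        self.issues = []  # dicts: group, opened_at, events, resolved

    def _issue_for(self, group, ts):
        for issue in self.issues:
            if issue["group"] == group and not issue["resolved"]:
                if ts - issue["opened_at"] < self.resolve_after:
                    return issue          # still open: attach this change to it
                issue["resolved"] = True  # expired: the change below opens a new one
        issue = {"group": group, "opened_at": ts, "events": [], "resolved": False}
        self.issues.append(issue)
        return issue

    def ingest(self, record):
        # Returns the issue this CloudTrail record maps to, or None if ignored.
        if (record.get("eventSource") != "iam.amazonaws.com"
                or record["eventName"] not in GROUP_POLICY_EVENTS):
            return None  # e.g. CreatePolicyVersion edits content only: not monitored
        ts = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        issue = self._issue_for(record["requestParameters"]["groupName"], ts)
        issue["events"].append(record["eventName"])
        return issue

def run(records, resolve_after_hours=24):
    detector = GroupPolicyChangeDetector(timedelta(hours=resolve_after_hours))
    for record in records:
        detector.ingest(record)
    return detector.issues

def _rec(time, name, **params):  # constructed CloudTrail record, trimmed to fields read
    return {"eventTime": time, "eventSource": "iam.amazonaws.com",
            "eventName": name, "requestParameters": params}

SAMPLE_RECORDS = [
    _rec("2024-01-01T10:00:00Z", "AttachGroupPolicy", groupName="developers"),
    _rec("2024-01-01T10:05:00Z", "PutGroupPolicy", groupName="developers"),
    _rec("2024-01-01T10:10:00Z", "CreatePolicyVersion", policyArn="arn:placeholder"),
    _rec("2024-01-02T12:00:00Z", "DetachGroupPolicy", groupName="developers"),  # 26 h on
]
```

With the default 24-hour window the sample produces two issues for the developers group; with a 72-hour window all three matching events land in one.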

Vendor

AWS

Severity

3