CSPM: Add prancer policy for AWS IAM users - Githubissues

prancer-io / prancer-compliance-test

This repository includes cloud security policies for IaC and live resources.

https://www.prancer.io

39 stars 11 forks source link

CSPM: Add prancer policy for AWS IAM users #561

Closed vatsalgit5118 closed 1 year ago

vatsalgit5118 commented 1 year ago

Following are the policy rules on which need to write the rego rules and the reference of Boto3 API to get the snapshots

AWS Admin or user accounts with data access is protected by MFA
- Root User: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam/client/get_account_summary.html
- All users: https://boto3.amazonaws.com/v1/documentation/api/1.26.86/reference/services/iam/client/list_mfa_devices.html
Instance profile IAM should be least privileged
- https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam/client/list_instance_profiles.html