Aqua CSPM

Group Inline Policies

Quick Info

Plugin Title: Group Inline Policies
Cloud: AWS
Category: IAM
Description: Ensures that groups do not have any inline policies
More Info: Managed Policies are recommended over inline policies.
AWS Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
Recommended Action: Remove inline policies attached to groups

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “User groups”.
  4. In the “User groups” page, click on the “Group name” to expand the respective attributes.
  5. In the “User groups” summary page, click on the “Permissions” and check for attached inline policies.
  6. Repeat steps 2 - 5 to check other “User groups” in the account.
  7. Navigate to IAM dashboard at https://console.aws.amazon.com/iam/.
  8. In the “IAM dashboard”, click on the “User groups” option at the left navigation panel.
  9. In the “User groups” page, select the group name for which inline policies need to be removed.
  10. Select the inline policy by selecting the checkbox and click on the “Remove” button under the “Permissions” tab.
  11. On the “Remove” tab, enter the inline policy name and click on the “Delete” button to remove the inline policy.
  12. Repeat steps 7 - 11 to remove inline policies attached to other groups.
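
The same check and removal can be scripted across every group in the account. The following is an added example, not Aqua's plugin code: it uses the boto3 IAM client calls `list_groups`, `list_group_policies`, `get_group_policy` and `delete_group_policy`, the function names are hypothetical, and it goes one step beyond the console procedure by capturing each policy document before deletion so the permissions can be recreated as a managed policy.

```python
"""Find and remove inline policies on IAM groups (added example, names are hypothetical)."""
import json


def find_group_inline_policies(iam):
    """Return {group_name: [inline policy names]} for every group that has any."""
    findings = {}
    for page in iam.get_paginator("list_groups").paginate():
        for group in page["Groups"]:
            name = group["GroupName"]
            policies = []
            pager = iam.get_paginator("list_group_policies")
            for policy_page in pager.paginate(GroupName=name):
                policies.extend(policy_page["PolicyNames"])
            if policies:
                findings[name] = policies
    return findings


def remove_group_inline_policies(iam, findings, dry_run=True):
    """Capture each inline policy document, then delete it unless dry_run is set.

    Returns the captured documents so they can be re-created as managed policies.
    """
    backups = []
    for group, policies in findings.items():
        for policy in policies:
            resp = iam.get_group_policy(GroupName=group, PolicyName=policy)
            backups.append({
                "GroupName": group,
                "PolicyName": policy,
                "PolicyDocument": resp["PolicyDocument"],
            })
            if not dry_run:
                iam.delete_group_policy(GroupName=group, PolicyName=policy)
    return backups


if __name__ == "__main__":
    import boto3  # needs credentials allowing the four IAM calls used above

    client = boto3.client("iam")
    found = find_group_inline_policies(client)
    # dry_run=True only reports; switch to False after reviewing the output.
    report = remove_group_inline_policies(client, found, dry_run=True)
    print(json.dumps(report, indent=2, default=str))
```

Run it with `dry_run=True` first and keep the printed JSON; group members lose the permissions granted by an inline policy as soon as it is deleted.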