Quick Info
| Plugin Title | Group Inline Policies |
| Cloud | AWS |
| Category | IAM |
| Description | Ensures that groups do not have any inline policies |
| More Info | Managed Policies are recommended over inline policies. |
| AWS Link | https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html |
| Recommended Action | Remove inline policies attached to groups |
Detailed Remediation Steps
- Log in to the AWS Management Console.
- Select the “Services” option and search for IAM.
- Scroll down the left navigation panel and choose “User groups”.
- In the “User groups” page, click on the “Group name” to exapnd the respective attributes.
- In the “User groups” summary page, click on the “Permissions” and check for attached inline policies.
- Repeat steps 2 - 5 to check other “User groups” in the account.
- Navigate to IAM dashboard at https://console.aws.amazon.com/iam/.
- In the “IAM dashboard”, click on the “User groups” option at the left navigation panel.
- In the “User groups” page, select the group name for which inline policies need to be removed.
- Select the inline policy by selecting the checkbox and click on the “Remove” button under the “Permissions” tab.
- On the “Remove” tab, enter the inline policy name and click on the “Delete” button to remove the inline policy. <img src="/resources/aws/iam/iam-role-last-used/step11.png)
- Repeat steps number 7 - 11 to remove inline policies attached to groups.