Aqua CSPM

Excessive Policies

Quick Info

Plugin TitleExcessive Policies
CloudORACLE
CategoryIdentity
DescriptionDetermine if there are an excessive number of policies in the account
More InfoKeeping the number of policies to a minimum helps reduce the chances of compromised accounts causing catastrophic damage to the account. Rather than creating new policies with the same statement for each group, common statements should be grouped under the same policy.
ORACLE Linkhttps://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policygetstarted.htm
Recommended ActionLimit the number of policies to prevent accidental authorizations

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Platform Console.
  2. Scroll down the left navigation panel and choose the “Identity” under the “Governance and Administration.”
  3. On the Identity menu, select the “Policies” option.
  4. On the “Policy” page select the policy by clicking on the “Name” as a link to check the “Policy Statement."
  5. On the “Policy Statement” page, check whether we need the same “Policy” or not.
  6. Repeat steps number 2 - 5 to check other “Policies” in the account.
  7. Navigate to “Identity” under the “Governance and Administration” and select the “Policies” settings to remove the “Excessive Policy”.
  8. On the “Policy” page, select the policy by clicking on the checkbox and click on “Delete” option at the top.
  9. On the “Delete Policy” tab, click on the “Delete” button to make the changes.
  10. Repeat steps number 7 - 9 to limit the number of policies to prevent accidental authorizations.