HIGH
Source: CloudSploit
ID: iam-user-admins

IAM User Admins

Ensures the number of IAM admins in the account is minimized.

While at least two IAM admin users should be configured, the total number of admins should be kept to a minimum.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for IAM.

  3. In the left navigation panel, select “Users” under “Access management”.

  4. Click on the User name of the IAM user that you want to inspect.

  5. Scroll down and click the “Permissions” tab. If “AdministratorAccess” is listed under Policy name, the user has administrator privileges.

  6. Ensure that the user is authorised for administrative operations. If not, remove the “AdministratorAccess” permission by clicking the cross (x) in the rightmost column.

  7. In the Detach Policy pop-up, click the “Detach” button to detach the AdministratorAccess policy from the user.

  8. Repeat steps 4-7 for all other IAM users. Keep the number of users with the AdministratorAccess policy to a minimum.
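
The per-user check in steps 4-7 can be run across the whole account from a saved copy of `aws iam get-account-authorization-details --filter User Group` output. The following is an added example, not CloudSploit's own code; it goes beyond the steps by also counting users who inherit AdministratorAccess through a group. The function names and the `maximum` threshold are assumptions to adjust to local policy, and the sample data is constructed.

```python
import json

# AWS-managed policy; matching the ARN suffix also covers other partitions.
ADMIN_SUFFIX = ":iam::aws:policy/AdministratorAccess"

# Constructed sample, trimmed to the fields used, shaped like the output of
# `aws iam get-account-authorization-details --filter User Group`.
SAMPLE = json.loads("""{
 "UserDetailList": [
  {"UserName": "alice", "GroupList": [], "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
  {"UserName": "bob", "GroupList": ["ops-admins"], "AttachedManagedPolicies": []},
  {"UserName": "carol", "GroupList": ["ops-admins"], "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
  {"UserName": "dave", "GroupList": ["readers"], "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::123456789012:policy/AdministratorAccess"}]}
 ],
 "GroupDetailList": [
  {"GroupName": "ops-admins", "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
  {"GroupName": "readers", "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
 ]}""")

def _has_admin(entity):
    """True if the AWS-managed AdministratorAccess policy is attached to a user or group."""
    return any(p.get("PolicyArn", "").endswith(ADMIN_SUFFIX)
               for p in entity.get("AttachedManagedPolicies", []))

def find_admins(details):
    """Map each admin user name to the paths by which AdministratorAccess reaches it."""
    admin_groups = {g["GroupName"] for g in details.get("GroupDetailList", [])
                    if _has_admin(g)}
    admins = {}
    for user in details.get("UserDetailList", []):
        paths = ["direct"] if _has_admin(user) else []
        paths += [f"group:{g}" for g in user.get("GroupList", []) if g in admin_groups]
        if paths:
            admins[user["UserName"]] = paths
    return admins

def check_admin_count(admins, minimum=2, maximum=2):
    """Return (ok, reason). minimum=2 follows the text; maximum is an assumed local limit."""
    n = len(admins)
    if n < minimum:
        return False, f"{n} admin user(s); at least {minimum} should be configured"
    if n > maximum:
        return False, f"{n} admin users exceed the limit of {maximum}: {sorted(admins)}"
    return True, f"{n} admin users, within {minimum}-{maximum}"

if __name__ == "__main__":
    found = find_admins(SAMPLE)
    print(found)
    print(check_admin_count(found))
```

A customer-managed policy that merely shares the name (user `dave` in the sample) is not counted here, and neither are inline policies; both need separate review. For a user listed with a `group:` path, detaching the policy from the user alone does not remove the access.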