IAM policies
Ensure using AWS Account root user is avoided
Ensure MFA is enabled for all IAM users with a console password
Ensure credentials unused for 90 days or greater are disabled
Ensure access keys are rotated every 90 days or less
Ensure AWS IAM password policy has an uppercase character
Ensure AWS IAM password policy has a lowercase character
Ensure AWS IAM password policy has a symbol
Ensure AWS IAM password policy has a number
Ensure AWS IAM password policy has a minimum of 14 characters
Ensure AWS IAM password policy does not allow password reuse
Ensure AWS IAM password policy expires in 90 days or less
Ensure no root account access key exists
Ensure MFA is enabled for root account
Ensure hardware MFA for root account is enabled
Ensure security questions are registered in the AWS account
Ensure IAM policies are only attached to Groups and Roles
Ensure detailed billing is enabled
Ensure AWS account contact details are up-to-date
Ensure security contact information is registered
Ensure IAM instance roles are used for AWS resource access from instances
Ensure an IAM role has been created to manage incidents with AWS Support
Ensure access keys are not created during initial user setup for IAM users with a console password
Ensure IAM policies that allow full administrative privileges are not created
Ensure access keys are rotated every 30 days or less
Ensure access keys are rotated every 45 days or less
Ensure active access keys are used every 90 days or less
Ensure IAM users that are inactive for 30 days or more are deactivated
Ensure unused IAM Users and Roles are removed
Ensure user accounts unused for 90 days are removed
Ensure user accounts with administrative privileges unused for 90 days are removed
Ensure empty IAM groups are removed
Ensure unattached policies are removed
Ensure unused policies are detached from users
Ensure unused policies are detached from roles
Ensure unused policies are detached from groups
Ensure IAM policy documents do not allow * (asterisk) as a statement's action
Ensure IAM role allows only specific services or principals to be assumed
Ensure AWS IAM policy does not allow assume role permission across all services
Ensure SQS policy documents do not allow * (asterisk) as a statement's action
Ensure AWS IAM policy does not allow full administrative privileges
Ensure excessive permissions are not granted for IAM users
Ensure excessive permissions are not granted for IAM roles
Ensure excessive permissions are not granted for IAM groups
Ensure excessive permissions are not granted for IAM policy
Ensure credentials unused for 180 days or greater are disabled
Ensure IAM policies do not allow credentials exposure for ECR
Ensure IAM policies do not allow data exfiltration
Ensure IAM policies do not allow permissions management / resource exposure without constraint
Ensure IAM policies do not allow write access without constraint
Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled
Ensure respective logs of Amazon RDS are enabled
Ensure IAM groups include at least one IAM user
Ensure all IAM users are members of at least one IAM group
Ensure KMS key policy does not contain wildcard (*) principal
Ensure IAM policies do not allow privilege escalation
Ensure RDS database has IAM authentication enabled
Ensure RDS cluster has IAM authentication enabled