IAM configuration modifications are not detected
Description
AWS IAM enables users to delegate broad or granular access rights with a few lines of policy JSON. Tracking IAM configuration changes ensures that every change to these policies is reviewed, and that manual or unexpected changes are logged and investigated rather than going unnoticed.
IAM API calls are recorded in CloudTrail with eventSource set to iam.amazonaws.com and eventName set to the API action (for example AttachUserPolicy). In IAM policy statements the same actions carry the iam: prefix (for example iam:AttachUserPolicy), so a detection should match on eventSource plus eventName rather than on the policy-statement form.
Policy statements include either an Action or NotAction element, and IAM defines the set of actions that change policies. This rule matches on those action names as they appear in the CloudTrail eventName field.
AWS IAM policy modifications that are tracked include:
- DetachGroupPolicy, AttachGroupPolicy, DeleteGroupPolicy, PutGroupPolicy
- DetachUserPolicy, AttachUserPolicy, DeleteUserPolicy, PutUserPolicy
- DetachRolePolicy, AttachRolePolicy, DeleteRolePolicy, PutRolePolicy
- CreatePolicyVersion, DeletePolicyVersion
- CreatePolicy, DeletePolicy
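The detection logic described above, as an added example that is not part of the original page or of any vendor's rule engine: it parses a CloudTrail log-file body, matches records on eventSource plus the eventName list above, and reduces each hit to the fields an analyst needs for triage. The trail records are constructed for the example; the account ID, ARNs and IP addresses are placeholders, and the field names follow CloudTrail's record schema.

```python
"""Match CloudTrail records against the IAM policy-modification events tracked by this rule."""
import json

# The sixteen IAM API actions this rule tracks, as CloudTrail writes them in eventName.
IAM_POLICY_MODIFICATION_EVENTS = frozenset({
    "DetachGroupPolicy", "AttachGroupPolicy", "DeleteGroupPolicy", "PutGroupPolicy",
    "DetachUserPolicy", "AttachUserPolicy", "DeleteUserPolicy", "PutUserPolicy",
    "DetachRolePolicy", "AttachRolePolicy", "DeleteRolePolicy", "PutRolePolicy",
    "CreatePolicyVersion", "DeletePolicyVersion",
    "CreatePolicy", "DeletePolicy",
})

IAM_EVENT_SOURCE = "iam.amazonaws.com"

# requestParameters fields that identify what the call targeted, in display order.
TARGET_KEYS = ("userName", "groupName", "roleName", "policyArn", "policyName", "versionId")


def matches_rule(record: dict) -> bool:
    """True if the record is one of the tracked IAM policy-modification calls.

    eventSource is checked as well as eventName so that a similarly named call to
    another service (e.g. s3 PutBucketPolicy) is never counted as an IAM change.
    """
    return (record.get("eventSource") == IAM_EVENT_SOURCE
            and record.get("eventName") in IAM_POLICY_MODIFICATION_EVENTS)


def summarize(record: dict) -> dict:
    """Reduce a matching record to the fields needed to triage it."""
    params = record.get("requestParameters") or {}
    target = ", ".join(f"{k}={params[k]}" for k in TARGET_KEYS if k in params)
    return {
        "time": record.get("eventTime"),
        "event": record["eventName"],
        "actor": (record.get("userIdentity") or {}).get("arn"),
        "source_ip": record.get("sourceIPAddress"),
        "target": target,
        # A record carrying errorCode (e.g. AccessDenied) changed nothing, but the
        # attempt itself is worth seeing, so it is kept and marked rather than dropped.
        "error_code": record.get("errorCode"),
    }


def find_iam_policy_modifications(records: list) -> list:
    """Return a triage summary for every record that matches the rule, in trail order."""
    return [summarize(r) for r in records if matches_rule(r)]


def load_cloudtrail_file(text: str) -> list:
    """Parse a CloudTrail log-file body: a JSON object whose "Records" array holds the events."""
    return json.loads(text).get("Records", [])


# Constructed sample trail (placeholder account, ARNs and addresses), in CloudTrail file shape.
CONSTRUCTED_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-01T10:00:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListAttachedUserPolicies", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/carol"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreatePolicyVersion", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/carol"},
     "requestParameters": {"policyArn": "arn:aws:iam::123456789012:policy/Deployer",
                           "setAsDefault": True}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutRolePolicy", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
     "requestParameters": {"roleName": "AppRole", "policyName": "inline-admin",
                           "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[]}"}},
]})

if __name__ == "__main__":
    for hit in find_iam_policy_modifications(load_cloudtrail_file(CONSTRUCTED_LOG)):
        status = "DENIED" if hit["error_code"] else "ok"
        print(f'{hit["time"]} {status:6} {hit["event"]:20} {hit["actor"]} -> {hit["target"]}')
```

Of the five constructed records, three are reported: the successful AttachUserPolicy, the AccessDenied CreatePolicyVersion (kept and flagged, since repeated denied attempts are themselves a signal), and the PutRolePolicy made through an assumed role. The read-only IAM call and the S3 bucket-policy change are ignored, which is why the match is on eventSource together with eventName. In production the same function would run over records delivered by CloudTrail to S3 or CloudWatch Logs, and a follow-up check on the attached policyArn or the inline policyDocument would separate routine changes from privilege grants.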