turbot/aws_compliance

Query: iam_group_user_role_no_inline_policies

Usage

powerpipe query aws_compliance.query.iam_group_user_role_no_inline_policies

SQL

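-- Reports every IAM user, role and group with a status that says whether it
-- carries inline policies. Output columns, in order: resource (the ARN),
-- status ('ok' | 'alarm'), reason (human-readable count), account_id.
--
-- status is 'ok' when inline_policies is NULL or an empty JSON array, and
-- 'alarm' otherwise. The empty-array branch keeps status consistent with the
-- reason text, which would otherwise say "has 0 inline policies" on an alarm.
select
  arn as resource,
  case
    when inline_policies is null then 'ok'
    when jsonb_array_length(inline_policies) = 0 then 'ok'
    else 'alarm'
  end as status,
  'User ' || title || ' has ' || coalesce(jsonb_array_length(inline_policies), 0) || ' inline policies.' as reason,
  account_id
from
  aws_iam_user
-- union (not union all) is kept so that identical rows are still collapsed.
union
select
  arn as resource,
  case
    when inline_policies is null then 'ok'
    when jsonb_array_length(inline_policies) = 0 then 'ok'
    else 'alarm'
  end as status,
  'Role ' || title || ' has ' || coalesce(jsonb_array_length(inline_policies), 0) || ' inline policies.' as reason,
  account_id
from
  aws_iam_role
where
  -- Roles whose ARN contains 'service-role/' are skipped entirely, so they
  -- appear in the result as neither 'ok' nor 'alarm'.
  -- NOTE(review): the pattern is an unanchored substring match, so it also
  -- covers 'aws-service-role/' and any role path or name containing that text.
  -- Role paths other than the reserved service-linked one can be set by the
  -- account owner, so inline policies on such roles are a coverage gap here;
  -- confirm the exclusion is intended and that another control covers them.
  arn not like '%service-role/%'
union
select
  arn as resource,
  case
    when inline_policies is null then 'ok'
    when jsonb_array_length(inline_policies) = 0 then 'ok'
    else 'alarm'
  end as status,
  'Group ' || title || ' has ' || coalesce(jsonb_array_length(inline_policies), 0) || ' inline policies.' as reason,
  account_id
from
  aws_iam_group;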

Controls

The query is being used by the following controls: