v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/ibm_compliance
Overview
1Dashboards
67Controls
20Queries
0Variables
GitHub

Control: 1.12 Ensure IAM users are members of access groups and IAM policies are assigned only to access groups

Description

Simplify and secure the access management process by using access groups when you assign access to groups of users with identical access needs.

Remediation

From Console

  1. Log in to IBM Cloud.
  2. From the Menubar, click Manage > Access (IAM).
  3. Click Users and select a user by clicking on the username.
  4. Click Access Policies. ***If the user has individual access policies and you wish to remove them, complete the following steps.
  5. Locate the row containing the access policy you wish to remove. Click the actions icon corresponding to that row and click Remove.

Note: Assign an access policy to an Access Group

Usage

Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_1_12

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_12 --share

SQL

This control uses a named query:

iam_user_with_valid_phone

Tags

category = Compliance
cis = true
cis_item_id = 1.12
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.0.0
plugin = ibm
service = IBM/IAM