- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
This rule ensures that none of your IAM users have highly privileged policies or administrative policies attached to them.
An IAM user with highly privileged or administrative permissions can access all AWS services and resources in the account. A user with these privileges could potentially, whether unknowingly or purposefully, cause security issues or data leaks. Users with these level of access may also be targeted by an adversary to compromise the entire AWS account.
Follow the Removing a permissions policy from a user docs to revoke policies from a user.
Run list-users
to get a list of current IAM users.
aws iam list-users
Run the list-user-policies
command find the users attached policies.
aws iam list-user-policies --user-name Name
Run the detach-user-policy
command to remove policies from the user.
aws iam detach-user-policy \
--user-name insert-username-here \
--policy-arn insert-policy-arn-here