IAM groups should have at least one user attached

Description

IAM groups help manage user permissions by bundling policies that can be applied to multiple users simultaneously. If you have IAM groups that are no longer needed, it is best to remove them to avoid potential security risks. Groups with no users may indicate misconfiguration or potential security oversight, reducing the effectiveness of your access management strategy.