---
title: AWS IAM role has administrative privileges and is inactive
description: Datadog, the leading service for cloud-scale monitoring.
---

# AWS IAM role has administrative privileges and is inactive
 
## Description{% #description %}

An IAM role that is highly privileged or has administrative privileges and is inactive is likely not in regular use and may be a candidate for removal.

## Rationale{% #rationale %}

IAM roles should be scoped down to the fewest privileges needed to perform their function. If a role has not been used for an extended period of time, it may no longer be needed and can be removed.

## Remediation{% #remediation %}

Determine whether the role is needed for a particular function and, if not, remove it.
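One way to shortlist roles for this review, as an added example (not Datadog's rule logic or code from this page). It assumes a 90-day inactivity threshold, treats a role as administrative when the AWS managed `AdministratorAccess` policy is attached or an inline policy allows `*` on `*`, and works on constructed records that merge the IAM `GetRole`, `ListAttachedRolePolicies` and `GetRolePolicy` outputs; the `InlinePolicies` key and all role names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
INACTIVE_AFTER = timedelta(days=90)  # assumed threshold; the rule text names none

def _as_list(value):
    # IAM policy JSON allows a single value or a list for Statement/Action/Resource.
    return value if isinstance(value, list) else [] if value is None else [value]

def grants_admin(policy_document):
    """True if an Allow statement covers every action on every resource."""
    return any(
        s.get("Effect") == "Allow"
        and "*" in _as_list(s.get("Action"))
        and "*" in _as_list(s.get("Resource"))
        for s in _as_list(policy_document.get("Statement")))

def is_admin(role):
    attached = {p["PolicyArn"] for p in role.get("AttachedPolicies", [])}
    return ADMIN_ARN in attached or any(map(grants_admin, role.get("InlinePolicies", [])))

def is_inactive(role, now):
    # A role with no LastUsedDate has no recorded use; age it from its creation date.
    reference = role.get("RoleLastUsed", {}).get("LastUsedDate") or role["CreateDate"]
    return now - reference > INACTIVE_AFTER

def inactive_admin_roles(roles, now=None):
    now = now or datetime.now(timezone.utc)
    return [r["RoleName"] for r in roles if is_admin(r) and is_inactive(r, now)]

def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

STAR = {"Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
READONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"
NOW = _d(2024, 6, 1)  # fixed clock so the constructed sample is reproducible
SAMPLE_ROLES = [  # constructed records, not real account data
    {"RoleName": "legacy-admin", "CreateDate": _d(2022, 1, 10),
     "RoleLastUsed": {"LastUsedDate": _d(2023, 11, 2)},
     "AttachedPolicies": [{"PolicyName": "AdministratorAccess", "PolicyArn": ADMIN_ARN}]},
    {"RoleName": "ci-deployer", "CreateDate": _d(2023, 3, 5),
     "RoleLastUsed": {"LastUsedDate": _d(2024, 5, 30)}, "InlinePolicies": [STAR]},
    {"RoleName": "unused-bootstrap", "CreateDate": _d(2023, 1, 1),
     "RoleLastUsed": {}, "InlinePolicies": [STAR]},
    {"RoleName": "old-readonly", "CreateDate": _d(2021, 7, 1),
     "RoleLastUsed": {"LastUsedDate": _d(2023, 2, 14)},
     "AttachedPolicies": [{"PolicyName": "ReadOnlyAccess", "PolicyArn": READONLY_ARN}]},
]
```

Calling `inactive_admin_roles(SAMPLE_ROLES, NOW)` returns the two roles to review; each still needs an owner to confirm it is unneeded before removal.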
