iam-policy-in-use
Checks whether the IAM policy identified by the policyARN parameter is attached to an IAM user, to a group that has one or more IAM users, or to an IAM role that has one or more trusted entities. A policy attached only to an empty group, or only to a role that no principal is trusted to assume, does not satisfy the check.
Identifier: IAM_POLICY_IN_USE
Trigger type: Periodic
AWS Region: All supported AWS Regions except Asia Pacific (Osaka), Europe (Milan), and Africa (Cape Town)
Parameters:
- policyARN
  - Type: String
  - An IAM policy ARN to be checked.
- policyUsageType (Optional)
  - Type: String
  - Specify whether you expect the policy to be attached to an IAM user, group, or role. Valid values are IAM_USER, IAM_GROUP, IAM_ROLE, or ANY. Default value is ANY.
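To make the condition concrete, the following is an added example, not AWS's implementation of the rule (the page does not describe how AWS computes it). It applies the same logic to a constructed, in-memory IAM snapshot and honours the policyUsageType values listed above. The policy and role names, the account ID, the snapshot shape (loosely modelled on what iam:ListEntitiesForPolicy, iam:GetGroup and iam:GetRole return), and the reading of "trusted entity" as any Principal named in an Allow statement of the role's trust policy are all assumptions made for the example.

```python
"""Local model of what iam-policy-in-use evaluates, run over a constructed
IAM snapshot. Added example; this is not AWS's implementation of the rule."""
from __future__ import annotations

from typing import Any

# Valid values of the rule's policyUsageType parameter (from the page).
VALID_USAGE_TYPES = ("IAM_USER", "IAM_GROUP", "IAM_ROLE", "ANY")

# Constructed snapshot (made-up names and account ID). "policies" mirrors the
# shape of iam:ListEntitiesForPolicy, "groups" maps group name -> members,
# "roles" maps role name -> its AssumeRolePolicyDocument.
SNAPSHOT: dict[str, Any] = {
    "policies": {
        "arn:aws:iam::123456789012:policy/ReadOnlyAudit": {
            "PolicyUsers": ["alice"],
            "PolicyGroups": ["auditors"],
            "PolicyRoles": ["AuditRole"],
        },
        # Attached, but only to an empty group and a role nobody may assume.
        "arn:aws:iam::123456789012:policy/StaleAdmin": {
            "PolicyUsers": [],
            "PolicyGroups": ["empty-group"],
            "PolicyRoles": ["OrphanRole"],
        },
        "arn:aws:iam::123456789012:policy/Unattached": {
            "PolicyUsers": [], "PolicyGroups": [], "PolicyRoles": [],
        },
    },
    "groups": {"auditors": ["bob", "carol"], "empty-group": []},
    "roles": {
        "AuditRole": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "sts:AssumeRole",
             "Principal": {"Service": "lambda.amazonaws.com"}}]},
        "OrphanRole": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Deny", "Action": "sts:AssumeRole",
             "Principal": {"AWS": "*"}}]},
    },
}


def _as_list(value: Any) -> list:
    """IAM policy JSON allows a scalar where a list is expected; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def role_trusted_entities(trust_policy: dict) -> list[str]:
    """Principals that the trust policy allows to assume the role.

    Assumption (the page does not define the term): a 'trusted entity' is any
    Principal named in an Allow statement of the AssumeRolePolicyDocument.
    Deny-only or Principal-less statements trust nobody.
    """
    trusted: list[str] = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, str):  # anonymous form: "Principal": "*"
            trusted.append(principal)
        elif isinstance(principal, dict):
            for kind in ("AWS", "Service", "Federated"):
                trusted.extend(_as_list(principal.get(kind)))
    return trusted


def evaluate(policy_arn: str, policy_usage_type: str = "ANY",
             snapshot: dict[str, Any] = SNAPSHOT) -> dict[str, Any]:
    """Apply the rule's condition to one policy ARN and return the verdict."""
    if policy_usage_type not in VALID_USAGE_TYPES:
        raise ValueError(f"policyUsageType must be one of {VALID_USAGE_TYPES}, "
                         f"got {policy_usage_type!r}")
    if policy_arn not in snapshot["policies"]:
        # How the managed rule treats a missing policy is not on the page;
        # here it is simply an input error.
        raise ValueError(f"unknown policy ARN: {policy_arn}")
    att = snapshot["policies"][policy_arn]

    users = list(att["PolicyUsers"])
    # A group counts only if it has at least one member.
    groups_with_users = [g for g in att["PolicyGroups"]
                         if snapshot["groups"].get(g)]
    # A role counts only if at least one principal is trusted to assume it.
    roles_with_trust = [r for r in att["PolicyRoles"]
                        if role_trusted_entities(snapshot["roles"].get(r, {}))]

    in_use_by = {
        "IAM_USER": bool(users),
        "IAM_GROUP": bool(groups_with_users),
        "IAM_ROLE": bool(roles_with_trust),
    }
    in_use = (any(in_use_by.values()) if policy_usage_type == "ANY"
              else in_use_by[policy_usage_type])
    return {
        "compliance": "COMPLIANT" if in_use else "NON_COMPLIANT",
        "attached_users": users,
        "groups_with_users": groups_with_users,
        "roles_with_trust": roles_with_trust,
    }


if __name__ == "__main__":
    for arn in SNAPSHOT["policies"]:
        for usage in VALID_USAGE_TYPES:
            print(f"{arn.rsplit('/', 1)[1]:<14} {usage:<9} "
                  f"{evaluate(arn, usage)['compliance']}")
```

Run stand-alone, the script prints a verdict for each constructed policy under each usage type; StaleAdmin is the instructive case, since it is attached to two entities yet is not in use under any value of policyUsageType.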
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.