iam-policy-in-use - AWS Config

iam-policy-in-use

Checks whether the IAM policy ARN is attached to an IAM user, to a group with one or more IAM users, or to an IAM role with one or more trusted entities.

Identifier: IAM_POLICY_IN_USE

Trigger type: Periodic

AWS Region: All supported AWS Regions except the Asia Pacific (Osaka), Europe (Milan), and Africa (Cape Town) Regions

Parameters:

policyARN
Type: String

An IAM policy ARN to be checked.

policyUsageType (Optional)
Type: String

Specify whether you expect the policy to be attached to an IAM user, group or role. Valid values are IAM_USER, IAM_GROUP, IAM_ROLE, or ANY. Default value is ANY.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
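
A template that deploys this rule with both parameters described above. It is an added example, not taken from the AWS documentation. The logical names PolicyInUseRule, PolicyArn and UsageType, the ARN pattern, and the 24-hour evaluation frequency are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example deployment of the iam-policy-in-use managed rule.

Parameters:
  PolicyArn:                      # assumed name; passed to the rule as policyARN
    Type: String
    Description: ARN of the IAM policy that is expected to be attached.
    # Assumed sanity check: AWS managed or customer managed policy ARN.
    AllowedPattern: "^arn:aws[a-z-]*:iam::(aws|[0-9]{12}):policy/.+$"
  UsageType:                      # assumed name; passed as policyUsageType
    Type: String
    Default: ANY                  # same default the rule uses when omitted
    AllowedValues:
      - IAM_USER
      - IAM_GROUP
      - IAM_ROLE
      - ANY

Resources:
  PolicyInUseRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: iam-policy-in-use
      Description: Checks that the given IAM policy is attached to a user, group or role.
      InputParameters:
        policyARN: !Ref PolicyArn
        policyUsageType: !Ref UsageType
      # Periodic rule: how often AWS Config re-evaluates it (assumed value).
      MaximumExecutionFrequency: TwentyFour_Hours
      Source:
        Owner: AWS                            # AWS managed rule
        SourceIdentifier: IAM_POLICY_IN_USE   # identifier from this page

Outputs:
  RuleName:
    Description: Name of the deployed AWS Config rule.
    Value: !Ref PolicyInUseRule
```

The stack can only be created in an account and Region where an AWS Config configuration recorder already exists.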