iam-policy-in-use

Checks whether the IAM policy ARN is attached to an IAM user, or a group with one or more IAM users, or an IAM role with one or more trusted entity.

Identifier: IAM_POLICY_IN_USE

Trigger type: Periodic

AWS Region: All supported AWS regions except Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region

Parameters:

policyARN
Type: String: An IAM policy ARN to be checked.
policyUsageType (Optional)
Type: String: Specify whether you expect the policy to be attached to an IAM user, group or role. Valid values are IAM_USER, IAM_GROUP, IAM_ROLE, or ANY. Default value is ANY.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

iam-policy-blacklisted-check

iam-policy-no-statements-with-admin-access