iam-role-managed-policy-check - AWS Config

iam-role-managed-policy-check

Checks if all AWS managed policies specified in the list of managed policies are attached to the AWS Identity and Access Management (IAM) role. The rule is NON_COMPLIANT if an AWS managed policy is not attached to the IAM role.

Identifier: IAM_ROLE_MANAGED_POLICY_CHECK

Trigger type: Configuration changes

AWS Region: All supported AWS Regions except the Middle East (UAE), Europe (Spain), and Europe (Zurich) Regions

Parameters:

managedPolicyArns
Type: CSV

Comma-separated list of AWS managed policy ARNs.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
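
The following template is an added example, not taken from the AWS documentation: it deploys this rule with `managedPolicyArns` supplied as a stack parameter and validated at deploy time. The parameter name `RequiredManagedPolicyArns`, the resource name, and the sample `ReadOnlyAccess` ARN are assumptions for illustration, and the template assumes an AWS Config configuration recorder that records IAM roles is already running in the account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example template that deploys the iam-role-managed-policy-check managed rule.

Parameters:
  RequiredManagedPolicyArns:          # hypothetical parameter name
    Type: String
    Description: Comma-separated AWS managed policy ARNs passed to managedPolicyArns.
    # Sample value only; replace with the policies your baseline requires.
    Default: arn:aws:iam::aws:policy/ReadOnlyAccess
    # Accept only AWS managed policy ARNs (the account field is the literal
    # "aws"), comma-separated with no whitespace. A customer managed policy
    # ARN (12-digit account ID) or a stray space fails at deploy time instead
    # of producing a rule that evaluates against an unintended list.
    AllowedPattern: '^arn:aws[a-z-]*:iam::aws:policy/[A-Za-z0-9+=.@_/-]+(,arn:aws[a-z-]*:iam::aws:policy/[A-Za-z0-9+=.@_/-]+)*$'
    ConstraintDescription: Must be a comma-separated list of AWS managed policy ARNs.

Resources:
  IamRoleManagedPolicyCheck:          # hypothetical logical ID
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: iam-role-managed-policy-check
      Description: NON_COMPLIANT if a listed AWS managed policy is not attached to the IAM role.
      # The rule is triggered by configuration changes, so it is scoped to the
      # IAM role resource type rather than given a periodic frequency.
      Scope:
        ComplianceResourceTypes:
          - AWS::IAM::Role
      Source:
        Owner: AWS
        SourceIdentifier: IAM_ROLE_MANAGED_POLICY_CHECK
      InputParameters:
        managedPolicyArns: !Ref RequiredManagedPolicyArns

Outputs:
  RuleArn:
    Description: ARN of the deployed Config rule.
    Value: !GetAtt IamRoleManagedPolicyCheck.Arn
```

Because the rule requires every listed policy on every role in scope, roles that are not expected to carry the listed policies will be reported as NON_COMPLIANT.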