iam-role-managed-policy-check - AWS Config

iam-role-managed-policy-check

Checks if all managed policies specified in the list of managed policies are attached to the AWS Identity and Access Management (IAM) role. The rule is NON_COMPLIANT if a managed policy is not attached to the IAM role.

Identifier: IAM_ROLE_MANAGED_POLICY_CHECK

Resource Types: AWS::IAM::Role

Trigger type: Configuration changes

AWS Region: All supported AWS regions except US ISO West, Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region

Parameters:

managedPolicyArns
Type: CSV

Comma-separated list of AWS managed policy Amazon Resource Names (ARNs). For more information, see Amazon Resource Names (ARNs) and AWS managed policies in the IAM User Guide.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.