iam-role-managed-policy-check - AWS Config

iam-role-managed-policy-check

Checks whether every managed policy in the managedPolicyArns parameter list is attached to the AWS Identity and Access Management (IAM) role. The rule is NON_COMPLIANT if any policy in that list is not attached to the IAM role. A role that has additional policies attached beyond those listed is still COMPLIANT; the rule verifies only that the required policies are present.

Identifier: IAM_ROLE_MANAGED_POLICY_CHECK

Resource Types: AWS::IAM::Role

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region

Parameters:

managedPolicyArns
Type: CSV

Comma-separated list of AWS managed policy Amazon Resource Names (ARNs) that must all be attached to the role. For more information, see Amazon Resource Names (ARNs) and AWS managed policies in the IAM User Guide.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
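As an added example (not from the AWS documentation), the following CloudFormation template deploys this managed rule scoped to IAM roles and passes the required policy list through the managedPolicyArns parameter. The rule name, the stack parameter name and the default ReadOnlyAccess ARN are assumptions chosen for illustration; substitute the AWS managed policy ARNs your roles must carry.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys iam-role-managed-policy-check (added example, not from the AWS docs)

Parameters:
  RequiredPolicyArns:
    # Assumed parameter name. The default is the AWS managed ReadOnlyAccess
    # policy, used only as an example value; replace it with the ARNs you require.
    Type: CommaDelimitedList
    Default: arn:aws:iam::aws:policy/ReadOnlyAccess

Resources:
  IamRoleManagedPolicyCheck:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: iam-role-managed-policy-check   # assumed name
      Description: >-
        NON_COMPLIANT when any policy listed in managedPolicyArns is not
        attached to the evaluated IAM role.
      # Restrict evaluation to the resource type this rule supports.
      Scope:
        ComplianceResourceTypes:
          - AWS::IAM::Role
      # Managed rule: AWS owns the evaluation logic, selected by its identifier.
      Source:
        Owner: AWS
        SourceIdentifier: IAM_ROLE_MANAGED_POLICY_CHECK
      # The rule expects a single CSV string, so join the list parameter.
      InputParameters:
        managedPolicyArns: !Join [",", !Ref RequiredPolicyArns]
```

The stack only produces evaluations if an AWS Config configuration recorder in the deployment region records the AWS::IAM::Role resource type, so confirm the recorder's settings before relying on the rule's findings.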