iam-policy-blacklisted-check - AWS Config

This translation was produced by machine translation. If there is any discrepancy, inconsistency or conflict between the translated content and the English version, the English version prevails.

iam-policy-blacklisted-check

Checks, for each IAM resource (user, group or role), whether any policy ARN listed in the policyArns input parameter is attached to that resource. The rule is NON_COMPLIANT for a resource if one of the listed policy ARNs is attached to it. AWS Config marks the resource as COMPLIANT if the resource is named in the exceptionList parameter, regardless of whether a listed policy ARN is attached. Because matching is done on the policy ARN, only attached managed policies can match; an inline policy has no ARN and cannot trigger this rule even when it grants the same permissions.

Identifier: IAM_POLICY_BLACKLISTED_CHECK

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

policyArns
Type: CSV
Default: arn:aws:iam::aws:policy/AdministratorAccess

Comma-separated list of IAM policy ARNs that should not be attached to any IAM entity.

exceptionList (Optional)
Type: CSV

Comma-separated list of IAM users, groups, or roles that are exempt from this rule. Names within each bracketed group are separated by semicolons. Example: users:[user1;user2], groups:[group1;group2], roles:[role1;role2;role3]

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
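As an added example (not a template from the page or from AWS), this is how the rule can be declared with AWS::Config::ConfigRule, passing both parameters; the second policy ARN, the BreakGlassAdmin role and the scoped resource types are assumptions chosen for illustration:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example deploying IAM_POLICY_BLACKLISTED_CHECK with parameters

Resources:
  IamPolicyBlacklistedCheck:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: iam-policy-blacklisted-check
      Source:
        Owner: AWS
        SourceIdentifier: IAM_POLICY_BLACKLISTED_CHECK
      # Both parameters are CSV strings; exceptionList uses ';' inside each bracket.
      InputParameters:
        policyArns: "arn:aws:iam::aws:policy/AdministratorAccess,arn:aws:iam::aws:policy/IAMFullAccess"
        exceptionList: "roles:[BreakGlassAdmin]"
      # Assumed scope: evaluate only the IAM entity types the rule can mark.
      Scope:
        ComplianceResourceTypes:
          - AWS::IAM::User
          - AWS::IAM::Group
          - AWS::IAM::Role
```

The stack will fail to create an AWS::Config::ConfigRule unless an AWS Config configuration recorder already exists in the account and Region, so create the recorder (and its delivery channel) first or in the same template.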