SEC03-BP06 Manage access based on lifecycle
Integrate access controls with operator and application lifecycle and your centralized federation provider. For example, remove a user’s access when they leave the organization or change roles.
As you manage workloads using separate accounts, there will be cases where you need to share resources between those accounts. We recommend that you share resources using AWS Resource Access Manager (AWS RAM).
Level of risk exposed if this best practice is not established: Low
Implementation guidance
Implement a user access lifecycle policy for new users joining, job function changes, and users leaving so that only current users have access.