Property
Language: terraform
Severity: medium
Service: iam
Provider: Google
Vulnerability Type: omission

Description

The configuration grants IAM permissions directly to individual user accounts instead of assigning them through roles, groups, or service accounts, making access control harder to manage and audit. This approach increases the risk of misconfiguration and unauthorized access.

Impact

Directly assigning permissions to users can lead to excessive or lingering privileges, complicate revocation processes, and increase the risk of accidental or intentional misuse. This can result in unauthorized access to sensitive resources, data exposure, or disruption of critical services.

Resolution

Grant permissions to roles and assign those roles to users, rather than granting permissions directly to individual user accounts.
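
The Terraform below is an added example, not taken from the original page or from the check's own documentation. It contrasts a binding made directly to an individual user account with bindings made to a service account and to a group; the project ID, account ID, role and e-mail addresses are constructed placeholders.

```terraform
# Constructed example: project ID, account IDs and addresses are placeholders.

# Pattern this finding describes: access bound directly to one user account.
# Revoking it later means finding every binding that names this person.
resource "google_project_iam_member" "direct_user" {
  project = "example-project-id"
  role    = "roles/storage.objectViewer"
  member  = "user:alice@example.com"
}

# Alternative for workloads: a dedicated service account holds the role.
resource "google_service_account" "report_reader" {
  project      = "example-project-id"
  account_id   = "report-reader"
  display_name = "Report reader workload"
}

resource "google_project_iam_member" "service_account_binding" {
  project = "example-project-id"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.report_reader.email}"
}

# Alternative for people: the role is bound to a group, so access is
# granted and revoked through group membership and audited in one place.
resource "google_project_iam_member" "group_binding" {
  project = "example-project-id"
  role    = "roles/storage.objectViewer"
  member  = "group:storage-viewers@example.com"
}
```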