Checks whether a policy that meets the specified conditions is attached to each Resource Access Management (RAM) role. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to grant specific permissions to a RAM role. Checking that each role has the specified policy attached helps prevent the security risks that excessive permissions can cause.
Risk level
Default risk level: medium.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If a policy that meets the specified conditions is attached to each RAM role, the evaluation result is Compliant.
- If a policy that meets the specified conditions is not attached to a RAM role, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
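The evaluation logic above can be reproduced offline to preview which roles the rule would flag. The following is an added example, not code from the Cloud Config service. It assumes that the "specified conditions" are a list of required policy names and that a role passes when at least one of them is attached. The role names and the `evaluate_roles` and `incompliant_roles` helpers are hypothetical, and the sample data is constructed.

```python
# Added example: offline re-implementation of the evaluation logic.
# Assumption: the "specified conditions" are required policy names, and a role
# is Compliant when at least one of them is attached (exact, case-sensitive match).

# Constructed sample data, shaped like the per-role policy list returned by the
# RAM ListPoliciesForRole API (PolicyName / PolicyType fields).
ATTACHED = {
    "app-oss-reader": [
        {"PolicyName": "AliyunOSSReadOnlyAccess", "PolicyType": "System"},
    ],
    "ci-deployer": [
        {"PolicyName": "AdministratorAccess", "PolicyType": "System"},
    ],
    "unused-role": [],  # role with no policy attached at all
}


def evaluate_roles(attached_by_role, required_names):
    """Return {role_name: "Compliant" | "Incompliant"} for every role."""
    required = {name.strip() for name in required_names if name.strip()}
    if not required:
        # An empty condition would mark every role Incompliant; fail loudly instead.
        raise ValueError("no required policy names given")
    results = {}
    for role, policies in attached_by_role.items():
        attached = {policy["PolicyName"] for policy in policies}
        results[role] = "Compliant" if attached & required else "Incompliant"
    return results


def incompliant_roles(results):
    """Sorted list of roles that need remediation."""
    return sorted(role for role, verdict in results.items() if verdict == "Incompliant")


if __name__ == "__main__":
    verdicts = evaluate_roles(ATTACHED, ["AliyunOSSReadOnlyAccess"])
    for role, verdict in sorted(verdicts.items()):
        print(f"{role}: {verdict}")
    print("Needs remediation:", ", ".join(incompliant_roles(verdicts)))
```

A role that holds a broader policy but not the required one, such as the constructed `ci-deployer` role, is still reported as Incompliant, as is a role with no policy attached.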
Rule details
Item | Description |
---|---|
Rule name | ram-role-has-specified-policy |
Rule identifier | ram-role-has-specified-policy |
Tag | RAM, Role, and Policy |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Interval of 24 hours |
Supported resource type | RAM roles |
Input parameter | |
Incompliance remediation
Attach a policy that meets the specified conditions to a RAM role. For more information, see Modify the document and description of a custom policy.