If the Resource Access Management (RAM) user has a policy that meets the specified conditions, the evaluation result is Compliant. The policy can also be inherited from a user group.
Scenarios
Minimizing the permissions granted to RAM users can reduce security risks.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the RAM user has a policy that meets the specified conditions, the evaluation result is Compliant. The policy can also be inherited from a user group.
- If the RAM user does not have policies that meet the specified conditions, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.
Rule details
| Item | Description |
|---|---|
| Rule name | ram-user-has-specified-policy |
| Rule identifier | ram-user-has-specified-policy |
| Tag | RAM and Policy |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | RAM user |
| Input parameter |
|
Incompliance remediation
Attach policies that meet the specified conditions to the RAM user. For more information, see Modify the document and description of a custom policy.