If the policies attached to a RAM user do not include specified high-risk permissions, the evaluation result is Compliant.
Scenarios
Use this rule to enforce the principle of least privilege (PoLP) for RAM users and prevent security risks caused by excessive permissions.
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If the policies attached to a RAM user do not include specified high-risk permissions, the evaluation result is Compliant.
- If the policies attached to a RAM user include specified high-risk permissions, the evaluation result is Incompliant. To fix this, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | ram-user-specified-permission-bound |
| Rule identifier | ram-user-specified-permission-bound |
| Tag | RAM and User |
| Automatic remediation | Not supported |
| Trigger Type | Configuration change and periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | If you use a RAM user, perform the following steps to obtain an O&M token: |
| Input parameter | Action
Note Separate multiple values with commas (,). |
Incompliance remediation
Revoke high-risk permissions from the RAM user. For more information, see Revoke permissions from a RAM user.
该文章对您有帮助吗?