2.8 Ensure an IAM policy that allows admin privileges for all services used is created - Review Policy Document

Information

A policy is a document that formally states one or more permissions.

Managed policies are standalone policies that you can attach to multiple users, groups, and roles in your AWS account. Managed policies apply only to identities (users, groups, and roles) - not resources. You must ensure that you have an IAM managed policy created with admin permissions for all the AWS services used by the application.
An IAM admin policy with permissions for all the AWS services used by the application must exist for administration purposes.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified command line interface:

* Create an IAM managed admin policy for all AWS services used:

aws iam create-policy --policy-name <admin_policy_name> --policy-document file://policy
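
One way to review a policy document before passing it to create-policy, as an added example that is not part of the benchmark or of Nessus: it reports which of the application's services lack an admin grant (`<service>:*` on Resource `*`) and whether the document grants more than the services used. The sample policy, the list of services and the function names are assumptions constructed for illustration.

```python
import json

# Constructed sample policy document (not from the benchmark or a real account).
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "rds:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}
  ]
}"""

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def admin_services(policy_json):
    """Return service prefixes granted '<service>:*' on Resource '*'.

    A bare '*' action is returned as '*'. Statements using NotAction or
    Condition are skipped and need manual review; Deny is not evaluated.
    """
    granted = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt or "Condition" in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*":
                granted.add("*")
            elif name == "*":
                granted.add(service.lower())
    return granted

def review(policy_json, services_used):
    """Compare the policy with the services the application uses."""
    granted = admin_services(policy_json)
    wanted = {s.lower() for s in services_used}
    full = "*" in granted
    return {
        "full_wildcard": full,  # '*' admits every service, not only those used
        "missing": [] if full else sorted(wanted - granted),
        "extra": sorted(granted - wanted - {"*"}),
    }

if __name__ == "__main__":
    print(review(SAMPLE_POLICY, ["ec2", "rds", "s3", "sns"]))
```

A non-empty `missing` list means the document does not yet cover every service used; `extra` or `full_wildcard` means it grants admin rights beyond them.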

See Also

https://workbench.cisecurity.org/files/260