Ensure Principal is removed from all AWS Organization policies

LOW

Description

Service control policies (SCPs) do not support the Principal or NotPrincipal elements in the policy JSON: AWS Organizations rejects a policy document that contains them as malformed. An SCP applies to every principal in the accounts and organizational units it is attached to; to narrow a statement to particular principals, use a Condition with a context key such as aws:PrincipalArn instead of a Principal element.
References:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the Organizations console.
  2. Under Policies, select Service control policies.
  3. Choose the policy you wish to edit.
  4. Edit the policy, remove the Principal (or NotPrincipal) element from every statement, and save the policy. If a statement was meant to target specific principals, express that with a Condition on aws:PrincipalArn instead.

In Terraform -

  1. In the aws_organizations_policy resource, edit the policy document in the content argument so that no statement contains a Principal or NotPrincipal element; only Sid, Effect, Action/NotAction, Resource/NotResource and Condition are valid SCP statement elements. Scope statements to particular principals with a Condition on aws:PrincipalArn where needed, then run terraform plan and apply.
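The check below is an added example and is not the scanner's own implementation nor code from AWS or the Terraform provider. It parses an SCP document, as stored in the content argument of aws_organizations_policy or returned by the Organizations API, and reports every statement that carries a Principal or NotPrincipal element. The two policy documents, the account ID and the role name are constructed for illustration; the function names are my own.

```python
"""Flag Principal / NotPrincipal elements in AWS Organizations SCP documents.

Added example: the policy documents, account ID and role ARN below are
constructed for illustration and do not come from the page or from AWS.
"""
import json

# Statement elements the SCP syntax reference accepts. Principal and
# NotPrincipal are not among them, so their presence makes the document
# invalid for Organizations.
SUPPORTED_ELEMENTS = {"Sid", "Effect", "Action", "NotAction",
                      "Resource", "NotResource", "Condition"}
UNSUPPORTED_ELEMENTS = {"Principal", "NotPrincipal"}

# Constructed: an SCP that Organizations would reject because it names a
# Principal in the statement.
INVALID_SCP = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyIamChanges",
            "Effect": "Deny",
            "Principal": {"AWS": "arn:aws:iam::123456789012:user/example"},
            "Action": ["iam:*"],
            "Resource": "*",
        }
    ],
})

# Constructed: the same intent in supported syntax. The statement already
# applies to every principal in the attached accounts; the exemption for one
# role is expressed with the aws:PrincipalArn condition key, not a Principal.
# The Statement element is written as a single object here, which is also
# legal, so the checker must handle both the object and the list form.
VALID_SCP = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "DenyIamChangesExceptOrgAdminRole",
        "Effect": "Deny",
        "Action": "iam:*",
        "Resource": "*",
        "Condition": {
            "StringNotLike": {"aws:PrincipalArn": "arn:aws:iam::*:role/OrgAdminRole"}
        },
    },
})


def _statements(policy):
    """Normalise the Statement element to a list: IAM-style documents allow
    either a single statement object or a list of them."""
    statement = policy.get("Statement", [])
    return statement if isinstance(statement, list) else [statement]


def find_unsupported_elements(policy_json):
    """Return (statement label, element) pairs for every Principal or
    NotPrincipal element in the document. An empty list means the document
    is compliant with respect to this rule."""
    policy = json.loads(policy_json)
    findings = []
    for index, statement in enumerate(_statements(policy)):
        label = statement.get("Sid", f"Statement[{index}]")
        for element in sorted(UNSUPPORTED_ELEMENTS & set(statement)):
            findings.append((label, element))
    return findings


def unknown_elements(policy_json):
    """Return any statement keys outside the supported SCP element set, which
    catches Principal/NotPrincipal as well as typos such as 'Actions'."""
    policy = json.loads(policy_json)
    unknown = set()
    for statement in _statements(policy):
        unknown |= set(statement) - SUPPORTED_ELEMENTS
    return sorted(unknown)


def is_compliant(policy_json):
    """True when no statement contains Principal or NotPrincipal."""
    return not find_unsupported_elements(policy_json)


if __name__ == "__main__":
    for name, document in (("INVALID_SCP", INVALID_SCP), ("VALID_SCP", VALID_SCP)):
        print(name, "findings:", find_unsupported_elements(document),
              "unknown elements:", unknown_elements(document))
```

To run this against a deployed policy, pass in the document string from `aws organizations describe-policy --policy-id <id> --query Policy.Content --output text`; for Terraform, pass the rendered JSON of the resource's content argument (for example the output of `terraform show -json` after a plan). Terraform itself will only surface the problem at apply time, when Organizations rejects the document, so a pre-apply check like this one catches it earlier.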

References:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy

Policy Details

Rule Reference ID: AC_AWS_0404
CSP: AWS
Remediation Available: Yes
Resource Type: Policy

Frameworks