Update Check 1.16 based on CIS v1.2 05-23-2018 to include list-user-policies for Inline Polices

2026-02-10 23:05:05 +00:00 · 2018-09-11 22:56:06 -05:00
parent 62ea9135b6
commit c575b5c243
1 changed files with 5 additions and 0 deletions
--- a/checks/check116
+++ b/checks/check116
@@ -24,6 +24,11 @@ check116(){
      textFail "$user has policy directly attached "
      C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
    fi
+    USER_POLICY=$($AWSCLI iam list-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
+    if [[ $USER_POLICY ]]; then
+      textFail "$user has inline policy directly attached "
+      C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
+    fi
  done
  if [[ $C116_NUM_USERS -eq 0 ]]; then
    textPass "No policies attached to users."