Cloud Security

AWS IAM Group Has Users

Risk

Remediation Effort

Low

Low

This policy validates that every IAM Group has at least one IAM user in it. Unused groups increase management complexity and attack surface, and should be deleted.

Remediation

To remediate this, delete any IAM groups that do not have any users in them. Alternatively, add appropriate users to the groups.

Reference