Description:
This policy ensures that the etc/user report is shared with the appropriate stakeholders. This report contains information about the users who have access to the Linux server, including their usernames, home directories, and groups.
Rationale:
The etc/user report is a valuable tool for auditing access to the Linux server. By sharing this report with the appropriate stakeholders, organizations can ensure that only authorized users have access to the server.
Impact:
Sharing the etc/user report will have no impact on the availability or performance of the Linux server. However, it may increase the amount of data that is stored in AWS.
Default Value:
AWS does not share the etc/user report by default.
Pre-requisites:
- The user must have the appropriate permissions to share the etc/user report.
- The user must have access to the AWS Management Console or the AWS CLI.
- The user must have a shared folder or S3 bucket where the report can be stored.
Remediation Steps:
To disable this policy, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to disable.
- Click on the Disable button.
Test Plan:
To test this policy, the user can follow these steps:
- Enable the policy.
- Generate the etc/user report.
- Verify that the report is shared with the appropriate stakeholders.
Implementation Plan:
To implement this policy, the user can follow these steps:
- Enable the policy.
- Generate the etc/user report.
- Share the report with the appropriate stakeholders.
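The "Generate the etc/user report" step, as an added example that is not part of the original policy text. It assumes the report is built from the contents of /etc/passwd and /etc/group; the function names, the `interactive` column, and the sample data are constructed for illustration.

```python
import csv
import io

# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/false
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
alice:x:1000:
bob:x:1001:
"""
NO_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def build_user_report(passwd_text, group_text):
    """Return one dict per account: username, uid, home, groups, interactive."""
    gid_to_name, members = {}, {}
    for line in group_text.splitlines():
        if not line.strip():
            continue
        name, _pw, gid, user_list = line.split(":", 3)
        gid_to_name[gid] = name
        for user in filter(None, user_list.split(",")):
            members.setdefault(user, set()).add(name)  # supplementary groups
    report = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        user, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        # Primary group (by GID, falling back to the raw GID) plus supplementary groups.
        groups = {gid_to_name.get(gid, gid)} | members.get(user, set())
        report.append({
            "username": user, "uid": int(uid), "home": home,
            "groups": ",".join(sorted(groups)), "interactive": shell not in NO_LOGIN_SHELLS,
        })
    return report

def to_csv(report):
    """Serialize the report for storage in the shared folder or S3 bucket."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["username", "uid", "home", "groups", "interactive"])
    writer.writeheader()
    writer.writerows(report)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(build_user_report(SAMPLE_PASSWD, SAMPLE_GROUP)))
```

The `interactive` column lets a reviewer separate accounts that can obtain a login shell from service accounts, and the `groups` column surfaces membership in privileged groups such as `sudo`.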
AWS CLI Process:
To enable this policy using the AWS CLI, the user can run the following command:
aws iam create-policy-version --policy-arn <policy-arn> --policy-document file://<policy-document-file> --set-as-default
The policy-document-file file should contain the following JSON:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:ShareReport", "Resource": "*" } ] }
Using AWS GUI:
To enable this policy using the AWS GUI, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to enable.
- Click on the Edit button.
- In the Policy Document section, paste the following JSON:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:ShareReport", "Resource": "*" } ] }
- Click on the Save button.
Backout Plan:
To revoke this policy, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to revoke.
- Click on the Delete button.
Note:
- This policy is not required for all AWS environments.
- The user should test the policy to ensure that it is working as expected.
- The user should revoke this policy if it is no longer needed.
Reference:
- AWS IAM Policy Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
- AWS CLI Command Reference: https://docs.aws.amazon.com/cli/latest/reference/iam/