Table: aws_iam_user_attached_policies

This table shows data for IAM User Attached Policies.

https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachedPolicy.html

The composite primary key for this table is (account_id, user_arn, policy_name).

Relations

This table depends on aws_iam_users.

Columns

| Name | Type |
|---|---|
| _cq_id | uuid |
| _cq_parent_id | uuid |
| account_id (PK) | utf8 |
| user_arn (PK) | utf8 |
| policy_name (PK) | utf8 |
| user_id | utf8 |
| policy_arn | utf8 |

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

IAM users should not have IAM policies attached

SELECT
  DISTINCT
  'IAM users should not have IAM policies attached' AS title,
  aws_iam_users.account_id,
  arn AS resource_id,
  CASE
  WHEN aws_iam_user_attached_policies.user_arn IS NOT NULL
  OR aws_iam_user_policies.user_arn IS NOT NULL
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  aws_iam_users
  LEFT JOIN aws_iam_user_attached_policies ON
      aws_iam_users.arn = aws_iam_user_attached_policies.user_arn
  LEFT JOIN aws_iam_user_policies ON
      aws_iam_users.arn = aws_iam_user_policies.user_arn;
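
The check above reports only pass or fail per user. The following query is an added example, not one of the CloudQuery policy queries: it lists what is directly attached to each user so that failing users can be prioritised for remediation. It uses only the columns listed on this page and PostgreSQL syntax, and it assumes that AWS-managed policies are recognisable by the `aws` account segment in `policy_arn`.

```sql
-- Added example: inventory of managed policies attached directly to IAM users.
-- One row per user; users holding AdministratorAccess sort first.
SELECT
  account_id,
  user_arn,
  -- (account_id, user_arn, policy_name) is the primary key, so COUNT(*)
  -- is the number of distinct policies attached to the user.
  COUNT(*) AS attached_policy_count,
  -- Assumption: AWS-managed policies carry "aws" as the account segment of
  -- the ARN; the partition is wildcarded to cover non-default partitions.
  COUNT(*) FILTER (
    WHERE policy_arn LIKE 'arn:%:iam::aws:policy/%'
  ) AS aws_managed_count,
  COUNT(*) FILTER (
    WHERE policy_arn NOT LIKE 'arn:%:iam::aws:policy/%'
  ) AS customer_managed_count,
  -- Flag users with the AWS-managed AdministratorAccess policy attached.
  COALESCE(
    BOOL_OR(policy_arn LIKE 'arn:%:iam::aws:policy/AdministratorAccess'),
    FALSE
  ) AS has_administrator_access,
  STRING_AGG(policy_name, ', ' ORDER BY policy_name) AS attached_policies
FROM
  aws_iam_user_attached_policies
GROUP BY
  account_id,
  user_arn
ORDER BY
  has_administrator_access DESC,
  attached_policy_count DESC,
  user_arn;
```

Inline policies are stored in aws_iam_user_policies and are not covered by this inventory.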