This check identifies IAM roles that have the AWS managed SecurityAudit policy (arn:aws:iam::aws:policy/SecurityAudit) attached. The focus is on whether at least one role exists that grants read-only visibility into security-relevant configuration across AWS services.
Risk
Without a dedicated read-only audit role, security teams lack safe visibility into configs and logs, enabling undetected misconfigurations, slower incident triage, and reliance on over-privileged access. This erodes confidentiality and integrity by letting exposure persist unnoticed.
prowler aws --checks iam_securityaudit_role_created
Recommendation
Establish a dedicated audit role and attach the AWS managed SecurityAudit policy. Enforce least privilege and separation of duties: restrict who can assume it, require MFA, monitor usage, and avoid write permissions. Prefer federated access and regularly review and rotate access.
Remediation
aws iam attach-role-policy --role-name <example_resource_name> --policy-arn arn:aws:iam::aws:policy/SecurityAudit
- In the AWS Console, go to IAM > Roles
- Open any existing role that is appropriate for read-only security auditing
- Click "Add permissions" > "Attach policies"
- Search for "SecurityAudit", check the box for the AWS managed policy named SecurityAudit
- Click "Add permissions" to attach the policy (the account now has at least one role with SecurityAudit attached)
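The check logic and the hardened trust policy described above, as an added example that is not Prowler's own code: the role data is a constructed sample shaped like the output of iam list-roles plus iam list-attached-role-policies, and the trusted principal ARN is a placeholder.

```python
import json

SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"

def roles_with_security_audit(roles):
    """Names of roles with the AWS managed SecurityAudit policy attached.
    Each role dict carries RoleName and AttachedPolicies as returned by
    iam list-attached-role-policies (constructed here, not fetched)."""
    return sorted(
        r["RoleName"] for r in roles
        if any(p.get("PolicyArn") == SECURITY_AUDIT_ARN
               for p in r.get("AttachedPolicies", []))
    )

def check_securityaudit_role_created(roles):
    """PASS when at least one role has SecurityAudit attached, else FAIL."""
    found = roles_with_security_audit(roles)
    return ("PASS" if found else "FAIL"), found

def extra_policies(role):
    """Policies attached to an audit role besides SecurityAudit; anything here
    deserves review because the audit role should carry no write permissions."""
    return sorted(p["PolicyArn"] for p in role.get("AttachedPolicies", [])
                  if p["PolicyArn"] != SECURITY_AUDIT_ARN)

def audit_role_trust_policy(trusted_principal_arn):
    """Trust policy restricting who may assume the audit role and requiring MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": trusted_principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }

# Constructed sample: one audit role, one over-privileged role, one unrelated role.
SAMPLE_ROLES = [
    {"RoleName": "SecurityAuditor",
     "AttachedPolicies": [{"PolicyArn": SECURITY_AUDIT_ARN}]},
    {"RoleName": "OpsAdmin",
     "AttachedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
                          {"PolicyArn": SECURITY_AUDIT_ARN}]},
    {"RoleName": "LambdaExec",
     "AttachedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"}]},
]

if __name__ == "__main__":
    print(check_securityaudit_role_created(SAMPLE_ROLES))
    print(json.dumps(audit_role_trust_policy("arn:aws:iam::111122223333:role/PLACEHOLDER"), indent=2))
```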
Resource Type
AwsIamPolicy