Check if AWS Organizations delegated administrators are trusted
organizations_delegated_administrators
This check verifies whether AWS Organizations has delegated administrators and whether they are trusted. You can define your trusted delegated administrators in the Prowler configuration.
Risk
The risk of having untrusted delegated administrators in an AWS Organizations organization is that they may be able to access and change sensitive data and resources in the organization's AWS accounts. This can result in unauthorized access or data breaches, which can lead to financial losses, damage to reputation, and legal liabilities. Carefully vet and monitor AWS Organizations delegated administrators to ensure that they are trustworthy and have a legitimate need for access to the organization's resources.
Run this check with Prowler CLI
prowler aws --checks organizations_delegated_administrators
ARN template
arn:partition:service::account-id:organization/organization-id
Remediation
Review delegated administrators
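One way to carry out that review, as an added example (not Prowler's own code): list the delegated administrators and report any account that is not on a trusted allowlist. The function names, the sample accounts and the allowlist values are constructed for illustration; `fetch_pages` assumes boto3 and credentials allowed to call ListDelegatedAdministrators.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs are exactly 12 digits

# Constructed sample: two pages shaped like ListDelegatedAdministrators responses.
SAMPLE_PAGES = [
    {"DelegatedAdministrators": [
        {"Id": "111111111111", "Name": "security-tooling", "Status": "ACTIVE",
         "Arn": "arn:aws:organizations::999999999999:account/o-exampleorgid/111111111111"},
    ]},
    {"DelegatedAdministrators": [
        {"Id": "222222222222", "Name": "sandbox-dev", "Status": "ACTIVE",
         "Arn": "arn:aws:organizations::999999999999:account/o-exampleorgid/222222222222"},
    ]},
]


def fetch_pages():
    """Live input; needs boto3 and organizations:ListDelegatedAdministrators."""
    import boto3
    client = boto3.client("organizations")
    return client.get_paginator("list_delegated_administrators").paginate()


def review_delegated_admins(pages, trusted):
    """Return (untrusted admins, allowlist entries that are not valid IDs)."""
    entries = [str(t).strip() for t in trusted]
    # A malformed entry can never match, so surface it instead of ignoring it.
    invalid = [e for e in entries if not ACCOUNT_ID.fullmatch(e)]
    allow = set(entries) - set(invalid)
    untrusted = []
    for page in pages:
        for admin in page.get("DelegatedAdministrators", []):
            if admin["Id"] not in allow:
                untrusted.append({k: admin.get(k) for k in ("Id", "Name", "Arn")})
    return untrusted, invalid


if __name__ == "__main__":
    # Hypothetical allowlist; the second entry is deliberately one digit short.
    untrusted, invalid = review_delegated_admins(SAMPLE_PAGES, ["111111111111", "22222222222"])
    for admin in untrusted:
        print(f"UNTRUSTED delegated administrator {admin['Id']} ({admin['Name']})")
    for entry in invalid:
        print(f"INVALID allowlist entry {entry!r}")
```

Pass `fetch_pages()` instead of `SAMPLE_PAGES` to run the same comparison against a live organization.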
Resource Type
Other