Check if AWS Organizations delegated administrators are trusted

organizations_delegated_administrators

Severity: high
by Prowler

This check verifies whether the organization has AWS Organizations delegated administrators and whether they are trusted. You can define your trusted delegated administrators in the Prowler configuration.

Risk

The risk of having untrusted delegated administrators in AWS Organizations is that they may be able to access and change sensitive data and resources within the organization's AWS accounts. This can result in unauthorized access or data breaches, which can lead to financial losses, reputational damage, and legal liabilities. Carefully vet and monitor AWS Organizations delegated administrators to ensure that they are trustworthy and have a legitimate need for access to the organization's resources.

Run this check with Prowler CLI

prowler aws --checks organizations_delegated_administrators
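The comparison this check describes can also be reproduced by hand when reviewing an organization. The following is an added example, not Prowler's source code: it walks the AWS Organizations `list_delegated_administrators` and `list_delegated_services_for_account` operations and marks each delegated administrator against an allow-list. The names `audit_delegated_admins`, `_collect` and `StubOrganizations` are hypothetical, and the account IDs are constructed sample data.

```python
def _collect(call, key, **kwargs):
    """Follow NextToken until the API reports no further pages."""
    items, token = [], None
    while True:
        page = call(**kwargs, **({"NextToken": token} if token else {}))
        items.extend(page.get(key, []))
        token = page.get("NextToken")
        if not token:
            return items


def audit_delegated_admins(org, trusted_ids):
    """Return one PASS/FAIL finding per delegated administrator account."""
    # Account IDs are 12-digit strings; tolerate ints read from a config file.
    trusted = {str(i).zfill(12) for i in trusted_ids}
    findings = []
    for admin in _collect(org.list_delegated_administrators, "DelegatedAdministrators"):
        # Record which service principals the account administers, for triage.
        services = _collect(org.list_delegated_services_for_account,
                            "DelegatedServices", AccountId=admin["Id"])
        findings.append({
            "account_id": admin["Id"],
            "name": admin.get("Name", ""),
            "services": sorted(s["ServicePrincipal"] for s in services),
            "status": "PASS" if admin["Id"] in trusted else "FAIL",
        })
    return findings


class StubOrganizations:
    """Constructed stand-in for boto3.client("organizations"); data is invented."""
    ADMINS = [{"Id": "111111111111", "Name": "security-tooling"},
              {"Id": "222222222222", "Name": "sandbox-dev"}]
    SERVICES = {"111111111111": ["guardduty.amazonaws.com", "config.amazonaws.com"],
                "222222222222": ["sso.amazonaws.com"]}

    def list_delegated_administrators(self, NextToken=None):
        # One admin per page so the pagination path is exercised.
        i = int(NextToken or 0)
        page = {"DelegatedAdministrators": self.ADMINS[i:i + 1]}
        if i + 1 < len(self.ADMINS):
            page["NextToken"] = str(i + 1)
        return page

    def list_delegated_services_for_account(self, AccountId, NextToken=None):
        return {"DelegatedServices": [{"ServicePrincipal": s} for s in self.SERVICES[AccountId]]}


if __name__ == "__main__":
    for f in audit_delegated_admins(StubOrganizations(), trusted_ids=["111111111111"]):
        print(f["status"], f["account_id"], f["name"], ", ".join(f["services"]))
```

Against a real organization, pass `boto3.client("organizations")` instead of the stub; these operations can be called only from the management account or from a delegated administrator account.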

ARN template

arn:partition:service::account-id:organization/organization-id

Remediation

Source Code

Resource Type

Other