Checks whether each RAM user belongs to a RAM user group.
Scenario
You can use this rule to find RAM users that do not belong to a RAM user group. This ensures that all RAM users are managed.
Risk level
Default risk level: low.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If each RAM user belongs to a RAM user group, the evaluation result is compliant.
- If a RAM user does not belong to a RAM user group, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ram-user-group-membership-check |
| Rule ID | ram-user-group-membership-check |
| Tag | RAM and User |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | RAM user |
| Input parameter | groupNames |
Non-compliance remediation
Add the RAM user to a RAM user group. For more information, see Add a RAM user to a RAM user group.