Checks whether each RAM user group includes at least one RAM user and at least one policy is attached to the RAM user group. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to check and clear invalid RAM user groups at regular intervals. This helps you improve the efficiency of management and operations.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If each RAM user group includes at least one RAM user and at least one policy is attached to the RAM user group, the evaluation result is Compliant.
- If a RAM user group does not include a RAM user, the evaluation result is Incompliant. If no policy is attached to a RAM user group, the evaluation result is also Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ram-group-in-use-check |
| Rule identifier | ram-group-in-use-check |
| Tag | RAM and Group |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | RAM user |
| Input parameter | None. |
Incompliance remediation
Delete an invalid RAM user group or grant permissions to a RAM user group. For more information, see Delete an invalid RAM user group or Grant permissions to a RAM user group.