Is there a way to prevent Turbot from applying lockdown policies to IAM users and roles?

Turbot automatically applies lockdown policies to the IAM users it manages, i.e., Directory Users, unless the user has AWS/SuperUser rights in the account.

For IAM users and roles created by Owners, i.e., Service Users and Roles, there are guardrails that control whether lockdown policies are attached to each. These guardrails are controlled by the following options:

  • IAM > Service Role Rights Management
  • IAM > Service User Rights Management

For more detail, consult the Lockdown Policies section in Guardrails for AWS Identity & Access Management (IAM).

