lacework-global-212
Identity and Access Management (IAM) group has too many members (Manual)
Description
Alert when an IAM group has more than your specified maximum number of members. Reduce the group's membership to at or below that maximum. In OCI, access to resources and features is usually granted through IAM group membership, so a group with too many members can mean that its privileges are being handed to more users than need them.
Remediation
From Console:
1. Log in to the OCI Console.
2. Select Identity from the Services menu.
3. Select Groups from the Identity menu, or select Domains, select a domain, and then select Groups.
4. Click the name of a group that has too many members.
5. Check the box next to each user to remove from the group.
6. Click Remove user from group.
7. Click Remove user from group again to confirm the removal.
8. Repeat steps 3-7 for every group with too many members.
From CLI:
Execute the following command to list the ID and name of every user in a group:
oci iam group list-users --group-id <group_id> --query 'data[].{"ID":id,"Name":name}' --output table
For each group with too many members, execute the following command to remove a user from the group:
oci iam group remove-user --group-id <group_id> --user-id <user_id>
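The CLI steps above are written for one group at a time. The following script is an added example for this page (it is not Lacework's or Oracle's code): it reads the JSON that `oci iam group list` and `oci iam group list-users` print, finds every group whose member count exceeds the maximum, and writes out the matching `oci iam group remove-user` commands as a dry-run plan for a reviewer. The OCIDs, user names and the threshold of 5 are constructed for the example; the only fields it depends on are the `id` and `name` keys inside the CLI's top-level `data` array, the same keys the page's `--query` expression selects.

```python
"""Dry-run audit for OCI IAM groups with more members than a chosen maximum.

Added example for this policy page; not Lacework's or Oracle's code.
It consumes the JSON printed by

    oci iam group list --compartment-id <tenancy_ocid> --all --output json
    oci iam group list-users --group-id <group_id> --all --output json

(a top-level "data" array whose entries carry "id" and "name") and emits the
`oci iam group remove-user` commands for a reviewer to run by hand. Nothing is
removed by this script. All OCIDs and names below are constructed.
"""
import json
import shutil
import subprocess
import sys
from typing import Dict, List, Tuple

DEFAULT_MAX_MEMBERS = 5  # assumed threshold; substitute your policy's maximum

# Constructed sample in the shape of `oci iam group list --all --output json`.
SAMPLE_GROUPS = json.dumps({"data": [
    {"id": "ocid1.group.oc1..exampleadmins", "name": "Administrators"},
    {"id": "ocid1.group.oc1..examplereaders", "name": "ReadOnly"},
    {"id": "ocid1.group.oc1..exampleempty", "name": "Unused"},
]})

# Constructed samples in the shape of `oci iam group list-users --output json`.
# The empty string mirrors the CLI printing nothing for a group with no members.
SAMPLE_MEMBERS = {
    "ocid1.group.oc1..exampleadmins": json.dumps({"data": [
        {"id": f"ocid1.user.oc1..exampleadmin{i}", "name": f"admin{i}@example.com"}
        for i in range(7)]}),
    "ocid1.group.oc1..examplereaders": json.dumps({"data": [
        {"id": f"ocid1.user.oc1..examplereader{i}", "name": f"reader{i}@example.com"}
        for i in range(2)]}),
    "ocid1.group.oc1..exampleempty": "",
}


def parse_data(raw: str) -> List[dict]:
    """Return the "data" array of an OCI CLI JSON response; [] for empty output."""
    if not raw.strip():
        return []
    return json.loads(raw).get("data") or []


def oversized_groups(groups_json: str, members_json_by_group: Dict[str, str],
                     max_members: int) -> Dict[str, List[dict]]:
    """Map group OCID -> member list for every group with more than max_members."""
    over: Dict[str, List[dict]] = {}
    for group in parse_data(groups_json):
        members = parse_data(members_json_by_group.get(group["id"], ""))
        if len(members) > max_members:
            over[group["id"]] = members
    return over


def remediation_plan(groups_json: str, members_json_by_group: Dict[str, str],
                     max_members: int) -> List[str]:
    """One `oci iam group remove-user` line per member of each oversized group.

    Which members to drop is a judgement call, so every member is listed; the
    reviewer deletes the lines for users who should stay, then runs the rest.
    """
    plan: List[str] = []
    names = {g["id"]: g["name"] for g in parse_data(groups_json)}
    for gid, members in oversized_groups(groups_json, members_json_by_group, max_members).items():
        plan.append(f"# {names[gid]} ({gid}): {len(members)} members, maximum {max_members}")
        for user in members:
            plan.append(f"oci iam group remove-user --group-id {gid} "
                        f"--user-id {user['id']}  # {user['name']}")
    return plan


def fetch_live(tenancy_ocid: str) -> Tuple[str, Dict[str, str]]:
    """Collect the same two JSON documents from the real CLI (read-only calls)."""
    def run(*args: str) -> str:
        return subprocess.run(["oci", *args, "--all", "--output", "json"],
                              check=True, capture_output=True, text=True).stdout
    groups_json = run("iam", "group", "list", "--compartment-id", tenancy_ocid)
    members = {g["id"]: run("iam", "group", "list-users", "--group-id", g["id"])
               for g in parse_data(groups_json)}
    return groups_json, members


if __name__ == "__main__":
    # Usage: python3 audit_groups.py <tenancy_ocid> [max_members]; with no
    # arguments (or no `oci` on PATH) it runs against the constructed sample.
    if len(sys.argv) > 1 and shutil.which("oci"):
        groups, members = fetch_live(sys.argv[1])
        limit = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_MAX_MEMBERS
    else:
        groups, members, limit = SAMPLE_GROUPS, SAMPLE_MEMBERS, DEFAULT_MAX_MEMBERS
    print("\n".join(remediation_plan(groups, members, limit)) or "No group exceeds the maximum.")
```

Two details matter when counting members with the CLI: pass `--all` so that every page of results is fetched rather than only the first, and expect no output at all (rather than an empty `data` array) for a group with no members, which is why `parse_data` treats an empty string as an empty list.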
References
https://docs.oracle.com/en-us/iaas/cloud-guard/using/detect-recipes.htm#detect-recipes-ref-config__OCI_IAM_GRP_TOO_MANY_MEMBERS_FOUND
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managinggroups.htm
https://docs.oracle.com/en-us/iaas/Content/Identity/groups/remove-users-from-groups.htm
https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.30.2/oci_cli_docs/cmdref/iam/group/remove-user.html