Feature request: flag accounts containing IAM Users
rdegraaf opened this issue
Is your feature request related to a problem? Please describe.
The presence of IAM Users is not necessarily a problem: Users are a totally legitimate way to achieve various goals. However, Roles are considered a better way to achieve most of those goals in most contexts. In an account whose external access is managed through some SSO system, there should normally be no Users. IAM Users in such an environment are, as often as not, either old and forgotten or created by some dev looking for a shortcut.
Describe the solution you'd like
ScoutSuite should flag the presence of IAM Users so that a reviewer can verify that they are appropriate given the account's access control regime and requirements, and that they are properly managed.
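One way to sketch the requested check outside ScoutSuite, as an added example that is not ScoutSuite code or part of the original issue: it lists every IAM User in an IAM credential report with the credentials it holds and how long they have been idle. The sample report is constructed, and the function name and the 90-day staleness threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report column layout (trimmed to
# the columns used here); not data from a real account.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2019-01-02T00:00:00+00:00,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,true,2024-05-30T00:00:00+00:00,false,N/A
old-dev,arn:aws:iam::111122223333:user/old-dev,true,2019-02-01T00:00:00+00:00,true,N/A,false,N/A
"""

USE_COLUMNS = ("password_last_used", "access_key_1_last_used_date",
               "access_key_2_last_used_date")
NO_DATE = ("", "N/A", "no_information", "not_supported")


def _last_seen(row):
    """Most recent recorded credential use, or None if none is recorded."""
    stamps = [datetime.fromisoformat(row[c]) for c in USE_COLUMNS
              if row.get(c, "N/A") not in NO_DATE]
    return max(stamps) if stamps else None


def flag_iam_users(report_csv, now, stale_days=90):
    """Return one finding per IAM User; stale_days is an assumed threshold."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root row is not an IAM User
        creds = ["console-password"] if row["password_enabled"] == "true" else []
        creds += [f"access-key-{n}" for n in ("1", "2")
                  if row[f"access_key_{n}_active"] == "true"]
        seen = _last_seen(row)
        idle = (now - seen).days if seen else None
        findings.append({
            "arn": row["arn"],
            "credentials": creds,
            "idle_days": idle,
            # Active credentials that were never used or not used recently
            "stale": bool(creds) and (idle is None or idle > stale_days),
        })
    return findings


if __name__ == "__main__":
    for finding in flag_iam_users(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(finding)
```

Every User is reported, stale or not, so a reviewer can judge each one against the account's access control regime; the `stale` field only orders the review.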