
We currently ask our customers to create a new read-only user in their AWS account. They then attach two AWS-managed policies to this user and generate an access key and secret key, which they add to the Kloudle dashboard.
However, directly attaching managed policies to a user violates the CIS AWS Foundations Benchmark (1.16), which recommends that IAM policies be attached only to groups or roles. This violation impacts the overall compliance score.
To address this, we need to update our instructions and CloudFormation template to create a group and attach the relevant policies to the group instead.
🎩 h/t Meheryar for finding and reporting this bug to us.