Table of contents

9 July 2021 - Rule Update Notice

Custom Policy Updates

The custom policy has been updated to version 1.32 as a result of the new deployment. You’ll need to update your custom policy to the latest version. The following permission has been added:

  • iam:ListPolicyTags

Click here to access the latest Custom Policy.

New Rule


IAM-070: Check for IAM User user group membership

This rule ensures that your Amazon Identity and Access Management (IAM) users are members of at least one IAM group to adhere to IAM security best practices.

Rule Updates

  1. The following rules will now return no checks for findings suppressed in AWS:
    • TrustAdvisor-001: Trusted Advisor Service Limits
    • TrustAdvisor-002: Trusted Advisor Checks
    • TrustAdvisor-003: Exposed IAM Access Keys
  2. IAM-045: IAM Policies With Full Administrative Privileges
    The rule now supports exceptions via Tags and Resource id.
  3. IAM-066 - AWS IAM Groups with Admin Privileges Updated the rule to add exceptions based on resource Tags and IDs.

Bug Fixes

  1. ELBv2-004: ELBv2 Minimum Number of EC2 Target Instances
    Fixed a bug that generated false negatives when the ELBv2 service API experienced throttling.
  2. ASG-007: Auto Scaling Group Referencing Missing ELB
    Fixed a bug where Conformity Bot generated an incorrect result for the rule due to throttling.