In this scenario, we have a use case where a customer accidentally created an IAM role policy that is overly permissive. Our goal here is to detect the IAM role and fix it so it only grants access to those who absolutely need it.
Here are the configurations that you should apply
After you complete configurations, click Filter Check again.
Locate the Conformity check that pertains to the misconfiguration of this scenario (IAM Role Policy Too Permissive). Next to it, select Resolve, which will populate the step-by-step instructions for remediating this misconfiguration.
Clicking the (+) icon on the left side of the Conformity checks will allow you to see more details about the discovered misconfiguration. It also provides direct link to the resource to help you to review and fix it.
Clicking Resolve will bring you to the Knowledge Base where you will find step-by-step instructions on how to remediate the misconfiguration found by Conformity. In this case, you will find multiple use cases for remediation so you can choose the best approach based on your least privilege access strategy for giving users permission to resources in the cloud.
For this lab you can apply Case C in the Knowledge Base:
After completing the remediation for those two use cases, you can return to the Conformity dashboard and click Run Conformity Bot to run a new process.
The default Conformity process for monitoring is hourly checks performed by the Conformity bot. You can also manually run the checks or enable the real-time monitoring feature.
After couple minutes the Conformity Bot check will finish and you can check if the previous configuration will now appear as Succeeded instead of Failed.