Regularly reviewing cloud user access is essential at Wiredcraft to maintain security posture and ensure compliance. This document outlines the process for conducting periodic reviews of cloud platform users and their permissions.
## Review Schedule
Conduct user access reviews on a regular cadence to identify and remediate unnecessary access promptly.
| Action |
|---|
| Perform quarterly reviews for all cloud platform users |
| Conduct monthly reviews for privileged/admin accounts |
| Trigger immediate review upon employee role change or exit |
## Pre-Review Preparation
Before starting the review, gather the necessary information and tools to ensure a thorough assessment.
### User Inventory
Export a complete list of users from each cloud platform (AWS IAM, GCP IAM, Azure AD, etc.) including their roles, groups, and last activity timestamps.
| Action |
|---|
| Export user lists from all cloud platforms |
| Collect last login/activity dates for each user |
| Document group memberships and role assignments |
| Cross-reference with HR system for current employee status |
### Access Matrix
Maintain a documented access matrix that maps job roles to required cloud permissions.
| Action |
|---|
| Define baseline permissions for each job function |
| Document any exceptions with business justification |
| Review and update access matrix annually |
## Review Process
### Step 1: Identify Inactive Users
Flag accounts that have not been used within the defined threshold period.
| Action |
|---|
| Flag users with no login activity in 90+ days |
| Identify service accounts with no API activity in 90+ days |
| Document reason for inactivity (leave, project end, etc.) |
### Step 2: Verify User Necessity
Confirm each user account is still required and associated with an active employee or valid service need.
| Action |
|---|
| Verify user is still employed or contracted |
| Confirm service accounts are tied to active services |
| Validate external/vendor accounts have current contracts |
### Step 3: Review Permission Levels
Ensure users have the minimum permissions necessary to perform their job functions (principle of least privilege).
| Action |
|---|
| Compare current permissions against role-based access matrix |
| Identify users with excessive or unused permissions |
| Flag any direct policy attachments (prefer group-based access) |
| Review privileged access (admin, root) for strict necessity |
### Step 4: Check for Policy Violations
Identify any access configurations that violate security policies.
| Action |
|---|
| Identify shared accounts or credentials |
| Flag accounts without MFA enabled |
| Detect access keys older than 90 days |
| Identify users holding both console and programmatic access (where policy restricts combining them) |
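Steps 1 to 4 can be run mechanically over the user export gathered in the preparation phase. The script below is an example added to this document, not a Wiredcraft tool: it applies the 90-day inactivity and key-age thresholds, the MFA check and the direct-policy check to a constructed CSV export whose column names are assumptions (map them to the columns of your platform's actual report), and it assumes MFA is only expected on human accounts.

```python
"""Flag findings from an exported cloud IAM user list (Steps 1-4 of the review).

Example code added to this document, not a Wiredcraft tool. The CSV below is
constructed; its column names are assumptions, adapt them to the real export."""
import csv
import io
from datetime import datetime, timedelta, timezone

INACTIVE_DAYS = 90      # Step 1: no activity in 90+ days
KEY_MAX_AGE_DAYS = 90   # Step 4: access keys older than 90 days
REVIEW_DATE = datetime(2024, 7, 1, tzinfo=timezone.utc)  # constructed review date

# Constructed sample export (not real users): one row per account.
SAMPLE_EXPORT = """\
user,type,last_activity,mfa_active,access_key_created,direct_policies
alice,human,2024-06-28T09:12:00Z,true,,0
bob,human,2024-02-10T17:40:00Z,false,2023-11-01T00:00:00Z,2
deploy-svc,service,2024-06-30T02:00:00Z,false,2024-05-15T00:00:00Z,0
old-backup,service,2023-12-01T00:00:00Z,false,2023-01-20T00:00:00Z,1
"""

def parse_ts(value):
    """Parse an ISO 8601 'Z' timestamp; an empty field means 'never'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def review_user(row, now=REVIEW_DATE):
    """Return the findings for one exported user row, keyed to the review steps."""
    findings = []
    last = parse_ts(row["last_activity"])
    if last is None or now - last > timedelta(days=INACTIVE_DAYS):
        findings.append("inactive")                  # Step 1
    if row["type"] == "human" and row["mfa_active"] != "true":
        findings.append("missing_mfa")               # Step 4 (assumed: humans only)
    key_created = parse_ts(row["access_key_created"])
    if key_created and now - key_created > timedelta(days=KEY_MAX_AGE_DAYS):
        findings.append("stale_access_key")          # Step 4
    if int(row["direct_policies"]) > 0:
        findings.append("direct_policy_attachment")  # Step 3 (prefer group-based access)
    return findings

def review_export(csv_text, now=REVIEW_DATE):
    """Map each user with at least one finding to its list of findings."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["user"]: f for row in reader if (f := review_user(row, now))}

if __name__ == "__main__":
    for user, findings in review_export(SAMPLE_EXPORT).items():
        print(f"{user}: {', '.join(findings)}")
```

Each flagged user then feeds the Remediation Actions table below; users with no findings are omitted so the report only lists what needs a decision.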
## Remediation Actions
Based on review findings, take appropriate corrective actions.
### Immediate Actions
| Finding | Remediation |
|---|---|
| Terminated employee | Disable account immediately, delete after 30 days |
| Inactive user (90+ days) | Disable account, notify manager for confirmation |
| Missing MFA | Enforce MFA enrollment within 7 days |
| Excessive permissions | Reduce to baseline role permissions |
| Stale access keys | Rotate keys and update dependent services |
### Documentation
| Action |
|---|
| Record all findings in the review report |
| Document remediation actions taken with timestamps |
| Obtain manager approval for any exception requests |
## Review Checklist
Use this checklist to ensure completeness of each review cycle:
- User inventory exported from all cloud platforms
- Inactive users identified and flagged
- All users verified against HR/contractor records
- Permission levels reviewed against access matrix
- MFA compliance verified for all users
- Access key age reviewed and rotations scheduled
- Privileged accounts reviewed with extra scrutiny
- Remediation actions documented and executed
- Review report generated and archived
- Exceptions documented with business justification and approval