| | |
|-|-|
| Plugin Title | Empty Groups |
| Cloud | AWS |
| Category | IAM |
| Description | Ensures all groups have at least one member |
| More Info | While having empty groups does not present a direct security risk, it does broaden the management landscape which could potentially introduce risks in the future. |
| AWS Link | http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html |
| Recommended Action | Remove unused groups without users |
- Log into the AWS Management Console.
- Select the "Services" option and search for IAM.
- Scroll down the left navigation panel and choose "Groups".
- Under the "Groups" configuration panel, check the "Users" column. If the "Users" column shows no users for a group, make sure to delete that group, as it could potentially introduce risks in the future.
- Repeat steps 3 and 4 to check whether the other groups have at least one user.
- Click "Groups" in the left navigation panel and select the group that has no users.
- Select the "Group Actions" option from the top menu and click "Delete Group" to delete the selected group.
- Click the "Yes, Delete" button in the "Delete Group" tab to delete the selected group.
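The check in steps 3 to 5 can also be scripted. The following is an added example, not the plugin's own code: it is read-only, assumes a boto3-style IAM client (the `list_groups` paginator and `get_group`), and reports groups it could not read separately so they are never mistaken for empty ones. `find_empty_groups`, `StubIAM` and the sample data are constructed for illustration.

```python
"""Flag IAM groups with no members (added example; read-only)."""

def find_empty_groups(iam):
    """Return (empty, unknown) group-name lists for a boto3-style IAM client."""
    empty, unknown = [], []
    for page in iam.get_paginator("list_groups").paginate():
        for group in page["Groups"]:
            name = group["GroupName"]
            try:
                # One user is enough to prove the group is in use.
                resp = iam.get_group(GroupName=name, MaxItems=1)
            except Exception:
                # A failed lookup (e.g. access denied) is not evidence of
                # emptiness: never queue such a group for deletion.
                unknown.append(name)
                continue
            if not resp.get("Users"):
                empty.append(name)
    return sorted(empty), sorted(unknown)

class StubIAM:
    """Constructed stand-in for boto3.client("iam") so this runs offline."""
    def __init__(self, pages, members, denied=()):
        self._pages, self._members, self._denied = pages, members, set(denied)

    def get_paginator(self, operation):
        assert operation == "list_groups"
        return self

    def paginate(self):
        return iter(self._pages)

    def get_group(self, GroupName, MaxItems=100):
        if GroupName in self._denied:
            raise PermissionError("AccessDenied (constructed)")
        users = self._members.get(GroupName, [])[:MaxItems]
        return {"Group": {"GroupName": GroupName}, "Users": users}

# Constructed sample data: two ListGroups pages, one group unreadable.
SAMPLE = StubIAM(
    pages=[{"Groups": [{"GroupName": "admins"}, {"GroupName": "legacy-ops"}]},
           {"Groups": [{"GroupName": "contractors"}, {"GroupName": "audit"}]}],
    members={"admins": [{"UserName": "alice"}], "audit": [{"UserName": "bob"}]},
    denied=["contractors"],
)

if __name__ == "__main__":
    empty, unknown = find_empty_groups(SAMPLE)
    print("empty groups:", empty)
    print("could not check:", unknown)
    # Against a real account: find_empty_groups(boto3.client("iam"))
```

Review the reported groups before deleting any of them; the script itself makes no changes.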