This event detects an AWS IAM policy change.
Why this Event is Important
IAM policies are one of the ways to authenticate and grant permissions to the users in the AWS environment. Unauthorized IAM policy changes can grant unauthorized users elevated access privileges. Attackers commonly use this to escalate privileges and laterally move across the environment.
Check who made the last IAM policy change and what was changed. Look for unexpected IAM policy changes and monitor for any anomalies.
Ensure that IAM policy changes are made only by administrators and are logged.