What does Prowler check for the control “Check if AWS Organizations delegated administrators are trusted” ?

[alexzon-tr]

I tried to investigate by looking at the file tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py but I couldn't understand what Prowler is checking for this control.

Couldn't find anything about trusted administrators in the AWS documentation either.
Any ideas?

[jfagoagas]

Hi @alexzon-tr, in AWS Organizations, from the organization's management account, you can delegate policy management for Organizations to specified member accounts to perform policy actions that are by default available only to the management account.

The check organizations_delegated_administrators verifies if the delegated administrators for your AWS Organization are present in the organizations_trusted_delegated_administrators variable in the config.yaml file, to verify that only those you trust are configured.

Rationale: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_delegate_policies.html