Incorrect IAM Policy Attachment Security Recommendations findings

Article ID: 372470


Updated On: 10-21-2024

Products

CloudHealth

Issue/Introduction

Within the Recommendations -> Security section, under the AWS Best Practices Security Policy, you may notice that the recommendations list policies that the AWS Console does not show as attached to any entity.

This happens because the CloudHealth platform does not collect IAM Policy attachments by default for many tenants.

Resolution

If the AWS Console does not show the policy as attached to an entity, you can exclude the finding from the violation report by following these steps:

  1. Open Recommendations -> Security and select the IAM Policy Attachment block.

  2. In the window that opens, select the "View All" option.

  3. In the window that opens, locate the policy that is being reported in error and select the "Exclude" option. The attachment won't appear in subsequent violation reports.

Alternatively, if you would like to collect IAM Policy attachments and view them within recommendations, please reach out to CloudHealth Support; the team can request that engineering enable collection of IAM Policy attachments on a per-tenant basis.
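The check that precedes the exclusion steps above (confirming in AWS that a flagged policy really has no attachments) can also be scripted. This is an added example, not CloudHealth or AWS code: it pages through the IAM `list_entities_for_policy` results for each flagged ARN, and the `triage` helper, the stub client, the account ID and the policy names are constructed for illustration.

```python
"""Added example: confirm in AWS that flagged policies are unattached before excluding them."""


def attached_entities(iam, policy_arn):
    """Return every user, group and role the policy is attached to (all pages)."""
    found = []
    pages = iam.get_paginator("list_entities_for_policy").paginate(PolicyArn=policy_arn)
    for page in pages:
        found += [("user", u["UserName"]) for u in page.get("PolicyUsers", [])]
        found += [("group", g["GroupName"]) for g in page.get("PolicyGroups", [])]
        found += [("role", r["RoleName"]) for r in page.get("PolicyRoles", [])]
    return found


def triage(iam, flagged_arns):
    """Split flagged ARNs into those safe to exclude and those really attached."""
    result = {"exclude": [], "keep": {}}
    for arn in flagged_arns:
        entities = attached_entities(iam, arn)
        if entities:
            result["keep"][arn] = entities  # real attachment: leave the finding in
        else:
            result["exclude"].append(arn)   # no attachment in AWS: candidate for "Exclude"
    return result


class StubIAM:
    """Constructed stand-in for boto3.client("iam") so the example runs offline."""
    def __init__(self, pages_by_arn):
        self.pages_by_arn = pages_by_arn
    def get_paginator(self, name):
        assert name == "list_entities_for_policy"
        return self
    def paginate(self, PolicyArn):
        return iter(self.pages_by_arn.get(PolicyArn, [{}]))


# Constructed sample data: account ID and policy names are placeholders.
UNATTACHED = "arn:aws:iam::111122223333:policy/example-unattached"
ATTACHED = "arn:aws:iam::111122223333:policy/example-attached"
SAMPLE = StubIAM({
    UNATTACHED: [{"PolicyUsers": [], "PolicyGroups": [], "PolicyRoles": []}],
    # The role appears only on the second page; stopping at page one would miss it.
    ATTACHED: [{"PolicyUsers": []}, {"PolicyRoles": [{"RoleName": "example-role"}]}],
})

if __name__ == "__main__":
    # Against a real account: import boto3; iam = boto3.client("iam")
    print(triage(SAMPLE, [UNATTACHED, ATTACHED]))
```

Run against a real account, the caller needs the `iam:ListEntitiesForPolicy` permission; only ARNs that land in `exclude` match the condition the Resolution steps describe.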