IAM Policies Attached To User

  • Query id: eafe4bc3-1042-4f88-b988-1939e64bf060
  • Query name: IAM Policies Attached To User
  • Platform: Ansible
  • Severity: Medium
  • Category: Access Control
  • URL: Github

Description

IAM policies should be attached only to groups or roles, never directly to an IAM user. A policy bound to an individual user sits outside the group- and role-based structure that the rest of the account is reviewed through, so it is easy to miss in audits and easy to leave behind when the person changes role or is offboarded. For Ansible this check flags `community.aws.iam_policy` tasks that use `iam_type: user`; the fix is to bind the policy to a group or role and add the user to that group.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Assign a policy called Admin to user
  community.aws.iam_policy:
    iam_type: user            # flagged: the policy is bound directly to an IAM user
    iam_name: administrators  # the user the policy is attached to
    policy_name: Admin
    state: present
    policy_document: admin_policy.json  # path to the JSON policy document

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Assign a policy called Admin to the administrators group
  community.aws.iam_policy:
    iam_type: group           # not flagged: users inherit the policy through group membership
    iam_name: administrators  # the group the policy is attached to
    policy_name: Admin
    state: present
    policy_document: admin_policy.json  # path to the JSON policy document
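The following is an added example, not KICS's own query nor Ansible project code: a small static check that applies this page's rule to a parsed playbook. It assumes the input is the structure `yaml.safe_load` returns for a playbook or a bare task file, descends into `block`/`rescue`/`always`, and (my choice, broader than the page's `community.aws` sample) treats any module key whose last component is `iam_policy` as the same module. The sample playbook embedded at the bottom is constructed for the example; it contains the two samples above plus a block-nested user attachment and a Jinja-templated `iam_type` that cannot be resolved statically.

```python
"""Added example: flag Ansible iam_policy tasks that bind a policy to a user."""
from typing import Any, Dict, Iterator, List, Optional, Tuple

TASK_SECTIONS = ("tasks", "pre_tasks", "post_tasks", "handlers")
BLOCK_SECTIONS = ("block", "rescue", "always")


def iter_tasks(tasks: List[Any], path: str) -> Iterator[Tuple[str, Dict[str, Any]]]:
    """Yield (path, task) for every leaf task, descending into block/rescue/always."""
    for i, task in enumerate(tasks):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        nested = [k for k in BLOCK_SECTIONS if isinstance(task.get(k), list)]
        if nested:
            for k in nested:
                yield from iter_tasks(task[k], f"{here}.{k}")
        else:
            yield here, task


def iam_policy_args(task: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Return the module arguments if this task calls iam_policy (any collection
    prefix, e.g. community.aws.iam_policy or amazon.aws.iam_policy), else None."""
    for key, value in task.items():
        if key.rsplit(".", 1)[-1] == "iam_policy" and isinstance(value, dict):
            return value
    return None


def find_user_attached_policies(doc: List[Any]) -> List[Dict[str, Any]]:
    """Return one finding per iam_policy task whose iam_type is the literal "user".

    `doc` is either a playbook (list of plays, each with a `hosts` key) or a
    bare task list such as roles/<role>/tasks/main.yml.
    """
    leaves: List[Tuple[str, Dict[str, Any]]] = []
    if any(isinstance(item, dict) and "hosts" in item for item in doc):
        for i, play in enumerate(doc):
            if not isinstance(play, dict):
                continue
            for section in TASK_SECTIONS:
                if isinstance(play.get(section), list):
                    leaves.extend(iter_tasks(play[section], f"play[{i}].{section}"))
    else:
        leaves = list(iter_tasks(doc, "task"))

    findings = []
    for path, task in leaves:
        args = iam_policy_args(task)
        if args is None:
            continue
        iam_type = args.get("iam_type")
        # Only a literal "user" is flagged; a Jinja expression such as
        # "{{ target_type }}" cannot be resolved statically and is left alone.
        if isinstance(iam_type, str) and iam_type.strip().lower() == "user":
            findings.append({
                "path": path,
                "task": task.get("name", "<unnamed>"),
                "iam_name": args.get("iam_name"),
                "policy_name": args.get("policy_name"),
                "message": "policy attached directly to an IAM user; attach it to a group or role",
            })
    return findings


# Constructed sample input: the parsed form of a playbook holding the page's two
# samples, a block-nested user attachment, and a templated iam_type.
SAMPLE_PLAYBOOK: List[Any] = [{
    "hosts": "localhost",
    "tasks": [
        {"name": "Assign a policy called Admin to user",
         "community.aws.iam_policy": {"iam_type": "user", "iam_name": "administrators",
                                      "policy_name": "Admin", "state": "present",
                                      "policy_document": "admin_policy.json"}},
        {"name": "Assign a policy called Admin to the administrators group",
         "community.aws.iam_policy": {"iam_type": "group", "iam_name": "administrators",
                                      "policy_name": "Admin", "state": "present",
                                      "policy_document": "admin_policy.json"}},
        {"name": "Onboard a service account",
         "block": [
             {"name": "Inline S3 policy on the service user",
              "amazon.aws.iam_policy": {"iam_type": "User", "iam_name": "svc-backup",
                                        "policy_name": "S3Backup", "state": "present",
                                        "policy_json": "{}"}},
             {"name": "Policy with a templated target type",
              "community.aws.iam_policy": {"iam_type": "{{ target_type }}", "iam_name": "x",
                                           "policy_name": "Dynamic", "state": "present",
                                           "policy_json": "{}"}},
         ]},
    ],
}]


if __name__ == "__main__":
    import sys
    import yaml  # PyYAML, only needed when scanning a real file given on the command line

    doc = yaml.safe_load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAYBOOK
    results = find_user_attached_policies(doc)
    for f in results:
        print(f"{f['path']}: {f['task']!r} ({f['iam_name']}) -> {f['message']}")
    sys.exit(1 if results else 0)
```

Run without arguments it scans the embedded sample and reports the two user attachments (the top-level one and the block-nested one); with a path it scans that playbook or task file and exits non-zero on any finding, which is the shape a CI gate wants. Templated `iam_type` values are deliberately not reported, so a playbook that parameterises the target type needs a runtime control (or a lint rule that forbids templating that field) to be covered.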