IAM Policy Grants Full Permissions
- Query id: b5ed026d-a772-4f07-97f9-664ba0b116f8
- Query name: IAM Policy Grants Full Permissions
- Platform: Ansible
- Severity: High
- Category: Access Control
- URL: Github
Description
An IAM policy should not grant full permissions to resources from the outset. Permissions should instead be granted gradually, as they become necessary.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
- name: Create IAM Managed Policy
  community.aws.iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy:
      Version: "2012-10-17"
      Statement:
      - Effect: "Allow"
        Action: "*"
        Resource: "*"
    make_default: false
    state: present
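The pattern flagged above, expressed as a small check. This is an added example, not code from the original page and not the scanner's own query. It assumes tasks have already been loaded from YAML into dicts; the function names and the second sample task are hypothetical.

```python
import json

# Assumption: tasks are the dicts a YAML loader would return for a playbook.
MODULES = ("community.aws.iam_managed_policy", "iam_managed_policy")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def full_permission_statements(policy):
    """Return the statements that allow every action on every resource."""
    if isinstance(policy, str):  # the module also accepts a JSON string
        policy = json.loads(policy)
    return [s for s in as_list(policy.get("Statement"))
            if s.get("Effect") == "Allow"
            and "*" in as_list(s.get("Action"))
            and "*" in as_list(s.get("Resource"))]

def scan_tasks(tasks):
    """Return the names of tasks whose managed policy grants full permissions."""
    flagged = []
    for task in tasks:
        for module in MODULES:
            args = task.get(module)
            if isinstance(args, dict) and full_permission_statements(args.get("policy") or {}):
                flagged.append(task.get("name", "<unnamed>"))
    return flagged

# Constructed sample: the task from this page plus a scoped variant.
SAMPLE_TASKS = [
    {"name": "Create IAM Managed Policy",
     "community.aws.iam_managed_policy": {
         "policy_name": "ManagedPolicy",
         "policy": {"Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
         "make_default": False, "state": "present"}},
    {"name": "Create scoped policy",
     "community.aws.iam_managed_policy": {
         "policy_name": "ScopedPolicy",
         "policy": {"Version": "2012-10-17",
                    "Statement": {"Effect": "Allow", "Action": ["s3:GetObject"],
                                  "Resource": "arn:aws:s3:::example-bucket/*"}},
         "state": "present"}},
]

print(scan_tasks(SAMPLE_TASKS))
```

A `Deny` statement with the same wildcards is not flagged, and a wildcard `Action` scoped to a specific `Resource` is left to other checks.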