IAM Policy On User
- Query id: e4239438-e639-44aa-adb8-866e400e3ade
- Query name: IAM Policy On User
- Platform: CloudFormation
- Severity: Medium
- Category: Access Control
- URL: Github
Description¶
IAM policies should be applied to groups and not to users
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
#this is a problematic code where the query should report a result(s)
Resources:
BadPolicy:
Type: AWS::IAM::Policy
Properties:
Description: Policy for something.
Path: "/"
PolicyDocument:
Version: '2012-10-17'
Statement: []
Users:
- Ref: TestUser
Positive test num. 2 - json file
{
"Resources": {
"BadPolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"Description": "Policy for something.",
"Path": "/",
"PolicyDocument": {
"Statement": [],
"Version": "2012-10-17"
},
"Users": [
{
"Ref": "TestUser"
}
]
}
}
}
}