IAM Policy Grants 'AssumeRole' Permission Across All Services
- Query id: 12a7a7ce-39d6-49dd-923d-aeb4564eb66c
- Query name: IAM Policy Grants 'AssumeRole' Permission Across All Services
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- CWE: 284
- URL: Github
Description
An `Allow` statement whose `Principal` is `"*"`, or whose `Principal.AWS` is (or contains) `"*"`, grants the statement to every AWS principal in every AWS account. In a role's trust policy that statement is the `sts:AssumeRole` grant, so any account on AWS could assume the role; in a resource-based policy it exposes the resource the same way. Restrict `Principal` to the specific account, user or role ARNs (or the AWS service principal) that need access, and where a broad grant is unavoidable, narrow it with a `Condition` such as `aws:PrincipalOrgID`.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Create IAM Managed Policy
  community.aws.iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Action: "logs:CreateLogGroup"
          Resource: "*"
          Principal:
            Service: "ec2.amazonaws.com"
            AWS: "*"   # wildcard AWS principal: any account can use this statement
    make_default: false
    state: present
```
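The following is an added example, not code from the page or from the KICS project, showing the kind of check the query performs and the hardened counterpart of the sample above. It operates on the task as Python dicts (the structure `yaml.safe_load` would produce from the YAML) so it runs without PyYAML. The vulnerable task is the page's positive test; the hardened task is an assumption: it uses the `community.aws.iam_role` module's `assume_role_policy_document` argument with a placeholder account id, and the function names are mine.

```python
"""Added example: flag IAM policy statements whose Principal is the AWS wildcard.

This mirrors what the query above looks for; it is not the KICS rule itself.
Both sample tasks are constructed here as the dicts yaml.safe_load would yield.
"""
from __future__ import annotations

from typing import Any, Iterator

# Constructed sample 1: the page's positive test, i.e. the task the query flags.
VULNERABLE_TASK: dict[str, Any] = {
    "name": "Create IAM Managed Policy",
    "community.aws.iam_managed_policy": {
        "policy_name": "ManagedPolicy",
        "policy": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": "logs:CreateLogGroup",
                    "Resource": "*",
                    "Principal": {"Service": "ec2.amazonaws.com", "AWS": "*"},
                }
            ],
        },
        "make_default": False,
        "state": "present",
    },
}

# Constructed sample 2 (assumed hardened form, not from the page): a role whose
# trust policy names one account as the only principal allowed to assume it.
# The account id 123456789012 is a placeholder.
HARDENED_TASK: dict[str, Any] = {
    "name": "Create IAM role with a scoped trust policy",
    "community.aws.iam_role": {
        "name": "DeployRole",
        "assume_role_policy_document": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": "sts:AssumeRole",
                    "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                }
            ],
        },
        "state": "present",
    },
}


def _as_list(value: Any) -> list[Any]:
    """IAM accepts a scalar wherever a list is allowed; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_wildcard(principal: Any) -> bool:
    """True for Principal: "*" and for a Principal.AWS entry equal to "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def iter_policy_documents(task: dict[str, Any]) -> Iterator[tuple[str, dict[str, Any]]]:
    """Yield (location, document) for every module argument shaped like a policy."""
    for module, args in task.items():
        if not isinstance(args, dict):
            continue  # task keywords such as name/when are not module arguments
        for key, value in args.items():
            if isinstance(value, dict) and "Statement" in value:
                yield f"{module}.{key}", value


def find_wildcard_principals(task: dict[str, Any]) -> list[str]:
    """Return one finding per Allow statement that has a wildcard AWS principal."""
    findings: list[str] = []
    for location, doc in iter_policy_documents(task):
        for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
            if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                continue  # Deny statements do not grant anything
            if principal_is_wildcard(stmt.get("Principal")):
                # A Condition (e.g. aws:PrincipalOrgID) may narrow the grant; it is
                # still reported so a reviewer judges it instead of it passing silently.
                suffix = " (has Condition)" if "Condition" in stmt else ""
                findings.append(f"{location}.Statement[{idx}]: Principal.AWS is '*'{suffix}")
    return findings


def scan_tasks(tasks: list[dict[str, Any]]) -> list[str]:
    """Scan a play's tasks list, prefixing each finding with the task name."""
    results: list[str] = []
    for task in tasks:
        for finding in find_wildcard_principals(task):
            results.append(f"{task.get('name', '<unnamed>')}: {finding}")
    return results


if __name__ == "__main__":
    for line in scan_tasks([VULNERABLE_TASK, HARDENED_TASK]):
        print(line)
```

Only the first task produces a finding; the hardened trust policy names a single account ARN and passes. To use this on real playbooks, load each file with `yaml.safe_load`, take the `tasks:` list of each play and pass it to `scan_tasks`; a finding marked `(has Condition)` deserves a manual look, since a condition key can legitimately scope a wildcard principal.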