Pattern: AWS IAM policy document has wildcard action statement
Issue: -
IAM profiles should be configured with the specific, minimum set of permissions required.
Resolution: Keep policy scope to the minimum that is required to be effective.
Example of incorrect code:
data "aws_iam_policy_document" "bad_example" {
statement {
sid = "1"
actions = [
"*"
]
}
}Example of correct code:
data "aws_iam_policy_document" "good_example" {
statement {
sid = "1"
actions = [
"s3:ListAllMyBuckets",
"ec2:DescribeInstances"
]
}
}