Skip to content

Latest commit

 

History

History
40 lines (29 loc) · 660 Bytes

AWS046.md

File metadata and controls

40 lines (29 loc) · 660 Bytes

Pattern: AWS IAM policy document has wildcard action statement

Issue: -

Description

IAM profiles should be configured with the specific, minimum set of permissions required.

Resolution: Keep policy scope to the minimum that is required to be effective.

Examples

Example of incorrect code:

data "aws_iam_policy_document" "bad_example" {
	statement {
		sid = "1"

        actions = [
      		"*"
    	]
	}
}

Example of correct code:

data "aws_iam_policy_document" "good_example" {
	statement {
		sid = "1"

        actions = [
      		"s3:ListAllMyBuckets",
      		"ec2:DescribeInstances"
    	]
	}
}