IAM misconfigurations

IAM Policy statement with service wildcard

Platform(s)
Compliance Frameworks

AWS Foundational Security Best Practices Controls, Brazilian General Data Protection (LGPD), CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

This control checks whether the IAM identity-based policies that you create have Allow statements that use the * wildcard to grant permissions for all actions on any service. The control fails if any policy statement includes ""Effect"": ""Allow"" with ""Action"": ""Service:*"" or ""NotAction"": ""Service:*"".
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo