IAM policy allows administrative privileges

IAM misconfigurations

IAM policy allows administrative privileges

Platform(s)

Compliance Frameworks

CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
essential_8_au
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
pipeda
UK Cyber Essentials

Description

Creating policies with ""Effect"": ""Allow"" and ""Action"": ""*"" over ""Resource"": ""*"" grants full administrative privileges. It was detected that IAM policy {AwsIamPolicy} grants administrative privileges. It is a best practice to start with a minimum set of permissions and grant additional permissions as required.

IAM policy allows administrative privileges

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS