This control checks whether the IAM identity-based policies that you create have Allow statements that use the * wildcard to grant permissions for all actions on any service. The control fails if any policy statement includes ""Effect"": ""Allow"" with ""Action"": ""Service:*"" or ""NotAction"": ""Service:*"".
Recommended Mitigation
To remediate this issue, update your IAM policies so that they do not allow full ""*"" administrative privileges.
IAM misconfigurations
