IAM misconfigurations

IAM Policy statement with service wildcard


This control checks whether the IAM identity-based policies that you create have Allow statements that use the * wildcard to grant permissions for all actions on any service. The control fails if any policy statement includes "Effect": "Allow" with "Action": "Service:*" or "NotAction": "Service:*".
  • Recommended Mitigation

    To remediate this issue, update your IAM policies so that they do not allow full "*" administrative privileges.
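
The check described above can be run offline against a policy document to find the statements that need tightening. This is an added example, not code from the control itself; the function name `find_service_wildcards` and the sample policy are constructed for illustration, and it matches only the `Service:*` form named above.

```python
import json
import re

# Matches "<service>:*" only; prefix wildcards such as "s3:Get*" do not match.
SERVICE_WILDCARD = re.compile(r"^[A-Za-z0-9-]+:\*$")


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, NotAction."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_service_wildcards(policy_json):
    """Return (statement_index, element, value) for each failing entry."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # the control only evaluates Allow statements
        for element in ("Action", "NotAction"):
            for value in _as_list(stmt.get(element)):
                if isinstance(value, str) and SERVICE_WILDCARD.match(value):
                    findings.append((index, element, value))
    return findings


# Constructed sample policy (not taken from a real account).
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "s3:Get*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"}
  ]
}
"""

if __name__ == "__main__":
    for index, element, value in find_service_wildcards(SAMPLE_POLICY):
        print(f"Statement[{index}]: {element} = {value}")
```

Statements 0 and 3 of the sample are reported; the prefix wildcard `s3:Get*` and the Deny statement are not.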