IAM misconfigurations

Instance Profile with Administrative Privileges

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Orca has detected that the instance profile {AwsIamInstanceProfile} was granted full administrative privileges on the account. These privileges allow it to perform all actions on any resource in the account.
  • Recommended Mitigation

    Prefer using more explicit policies that adhere to the principle of least privilege.

Remediation

1. Sign in to the AWS Management Console and open the **[IAM console](https://console.aws.amazon.com/iam/)**.
2. In the navigation pane, choose **Roles**, and then select the relevant role.
3. To attach a more explicit policy to the role:
   a. Under **Permissions policies** in the **Permissions** tab, choose **Add permissions**.
   b. Choose **Attach policies**.
   c. Select the desired policy.
   d. Choose **Attach policies**.
4. To detach the permissive policy from the role:
   a. Under **Permissions policies** in the **Permissions** tab, select the permissive policy.
   b. Choose **Remove**.
   c. In the confirmation dialog box, choose **Delete**.
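
To confirm which attached policy is the permissive one before detaching it, the policy documents on the role can be checked for a statement that allows every action on every resource. The following is an added example, not Orca's detection logic; the function names and the sample policies (other than the AWS managed policy name AdministratorAccess) are constructed for illustration.

```python
import json

def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_admin_statement(stmt):
    """True if the statement allows all actions on all resources."""
    if stmt.get("Effect") != "Allow":
        return False
    # A Condition block is ignored here: the grant is still flagged for review.
    # NotAction / NotResource statements are out of scope for this check.
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    return "*" in actions and "*" in resources

def admin_policies(role_policies):
    """Return the names of policies that grant full administrative access.

    role_policies: {policy_name: policy document as dict or JSON string}
    """
    flagged = []
    for name, doc in role_policies.items():
        if isinstance(doc, str):
            doc = json.loads(doc)
        if any(is_admin_statement(s) for s in _as_list(doc.get("Statement"))):
            flagged.append(name)
    return flagged

# Constructed sample: policies attached to a hypothetical instance-profile role.
SAMPLE_ROLE_POLICIES = {
    "AdministratorAccess": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "app-s3-read": {
        "Version": "2012-10-17",
        "Statement": {  # a single statement object instead of a list
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
    },
    "deny-all-guard": '{"Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}',
}

if __name__ == "__main__":
    print(admin_policies(SAMPLE_ROLE_POLICIES))
```
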