IAM misconfigurations

Internet-Facing EC2 Instance Has Full Access to S3

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full access to your S3 resources. An Instance Profile with the AmazonS3FullAccess managed policy attached grants unrestricted access (Action: 's3:*') to every S3 resource in the account (Resource: '*'). If the instance is compromised, the attacker inherits that access to all data stored in your S3 resources.
Recommended Mitigation

Detach the 'AmazonS3FullAccess' policy from the instance's Instance Profile ({AwsEc2Instance.InstanceProfile}). When writing policies, adhere to the principle of least privilege, as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
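As an added example (not code from the page or from the product that generated this finding), the script below places a constructed policy document with the 's3:*' on '*' shape the finding describes next to a hypothetical least-privilege replacement, and runs a small check over a constructed instance-profile description to flag the risky grant. The bucket name 'example-app-assets', the profile dict shape and the profile name are assumptions for illustration, not values from the page.

```python
import json
from typing import Any

# Constructed sample policy documents (not copied from AWS). The first mirrors
# what the finding describes about AmazonS3FullAccess: 's3:*' on Resource '*'.
FULL_ACCESS_POLICY: dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Hypothetical least-privilege replacement: read-only access to one assumed
# bucket. 'example-app-assets' is a placeholder bucket name, not from the page.
LEAST_PRIVILEGE_POLICY: dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-assets/*",
        },
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-app-assets",
        },
    ],
}


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_s3_action(action: str) -> bool:
    """Both '*' and 's3:*' cover every S3 API call."""
    return action in ("*", "s3:*")


def grants_full_s3_access(policy: dict[str, Any]) -> bool:
    """Return True if any Allow statement grants all S3 actions on all resources.

    This is the pattern the finding describes: Action 's3:*' (or '*') combined
    with Resource '*'. Statements carrying a Condition block are still flagged,
    because a condition narrows when the grant applies, not what it grants.
    """
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(_is_wildcard_s3_action(a) for a in actions) and "*" in resources:
            return True
    return False


def audit_instance_profile(profile: dict[str, Any]) -> list[str]:
    """Evaluate a constructed instance-profile description and return findings.

    `profile` is a plain dict in an assumed shape (not the AWS API response):
      {"InstanceProfileName": ..., "AttachedManagedPolicies": [name, ...],
       "InlinePolicies": {name: policy_document, ...}}
    The managed policy 'AmazonS3FullAccess' is flagged by name; inline policy
    documents are flagged by content.
    """
    findings = []
    for name in profile.get("AttachedManagedPolicies", []):
        if name == "AmazonS3FullAccess":
            findings.append(f"managed policy {name} attached (s3:* on *)")
    for name, doc in profile.get("InlinePolicies", {}).items():
        if grants_full_s3_access(doc):
            findings.append(f"inline policy {name} grants s3:* on *")
    return findings


if __name__ == "__main__":
    # Constructed instance profile: one risky managed policy plus one
    # least-privilege inline policy. The profile name is a placeholder.
    sample_profile = {
        "InstanceProfileName": "web-instance-profile",
        "AttachedManagedPolicies": ["AmazonS3FullAccess"],
        "InlinePolicies": {"app-read-assets": LEAST_PRIVILEGE_POLICY},
    }
    for finding in audit_instance_profile(sample_profile):
        print("FINDING:", finding)
    print("Suggested replacement policy:")
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
```

The replacement policy is deliberately split into an object-level statement (s3:GetObject on the bucket's objects) and a bucket-level statement (s3:ListBucket on the bucket ARN itself), because those two resource types have different ARNs and a single combined statement on 'bucket/*' would silently fail to grant listing. Against a real account the same checks would be fed the documents returned by the IAM API rather than the constructed dicts used here.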