Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full administrative privileges to your account. Instance Profiles with full administrative privileges attached grant unrestricted access (Action: '*') to any resources on the account (Resource: '*'). In the event that the asset is compromised, this may potentially lead to full account takeover.

• 

  Recommended Mitigation

  Detach policies containing full administrative privileges from the instance's Instance Profile ({AwsEc2Instance.InstanceProfile}). When writing policies, make sure to adhere to the 'Least Privilege' principal, as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html