Role Can be Assumed by Anyone

IAM misconfigurations

Role Can be Assumed by Anyone

Platform(s)

Compliance Frameworks

CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

The IAM role {AwsIamRole} has the Principal value set to ""AWS"": ""*"", and the Action value set to ""sts:AssumeRole"". Such a role can be assumed by anyone. This violates the principle of least privilege and puts your AWS resources at an increased risk of unauthorized access.

Role Can be Assumed by Anyone

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS