IAM misconfigurations

Role Can be Assumed by Anyone

Risk Level

Imminent Compromised (2)

Compliance Frameworks


The IAM role {AwsIamRole} has the Principal value set to "AWS": "*", and the Action value set to "sts:AssumeRole". Such a role can be assumed by anyone. This violates the principle of least privilege and puts your AWS resources at an increased risk of unauthorized access.
  • Recommended Mitigation

    While defining principals for a role trust policy, adhere to the principle of least privilege.
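A check for the condition described above, as an added example that is not part of the original rule or any vendor's code: it parses a role trust policy and reports Allow statements that pair a wildcard principal with sts:AssumeRole. It goes slightly beyond the text by also treating "Principal": "*" and the actions "sts:*" and "*" as matches; the sample policies, account ID and role name are constructed.

```python
import json

# Constructed sample trust policies (not taken from any real account).
OPEN_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
})

SCOPED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111122223333:role/ci-deployer"]},
        "Action": ["sts:AssumeRole"],
    },
})


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def _wildcard_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match every AWS principal.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"


def _allows_assume_role(actions):
    # Action names are case-insensitive; "sts:*" and "*" also cover sts:AssumeRole.
    return any(a.lower() in ("sts:assumerole", "sts:*", "*") for a in _as_list(actions))


def open_trust_statements(policy_json):
    """Return indexes of Allow statements that let any principal assume the role."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [
        i for i, s in enumerate(statements)
        if s.get("Effect") == "Allow"
        and _wildcard_principal(s.get("Principal"))
        and _allows_assume_role(s.get("Action", []))
    ]
```

The check does not evaluate Condition blocks, so a wildcard statement that is narrowed by a condition is still reported for review.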