---
names:
  full: AWS IAM Policy allows full administrative privileges
  contextual: Policy allows full administrative privileges
description: "IAM policies are the means by which privileges are granted to users,\
  \ groups, or roles. It is recommended, and considered standard security advice,\
  \ to grant least privilege, that is, to grant only the permissions required to\
  \ perform a task. Determine what users need to do and then craft policies for them\
  \ that let the users perform only those tasks, instead of allowing full administrative\
  \ privileges."
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cis-aws-v7.0.0/02/14"
  - "/frameworks/cloudaware/identity-and-access-governance/general-access-controls"
  - "/frameworks/aws-fsbp-v1.0.0/iam/01"
  - "/frameworks/aws-well-architected/cost/02/04"
similarPolicies:
  awsSecurityHub:
    - name: "[IAM.1] IAM policies should not allow full \"*\" administrative privileges"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-1"
  cloudConformity:
    - url: https://trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/IAM/policies-with-full-administrative-privileges.html
      name: IAM Policies With Full Administrative Privileges
  internal:
    - dec-x-157aa4b9