💼 [IAM.1] IAM policies should not allow full "*" administrative privileges
- Contextual name: 💼 [IAM.1] IAM policies should not allow full "*" administrative privileges
- ID: /frameworks/aws-fsbp-v1.0.0/iam/01
- Located in: 💼 Identity and Access Management (IAM)
Description
IAM policies define a set of privileges that are granted to users, groups, or roles. Following standard security advice, AWS recommends that you grant least privilege, which means to grant only the permissions that are required to perform a task. When you provide full administrative privileges instead of the minimum set of permissions that the user needs, you expose the resources to potentially unwanted actions.
Instead of allowing full administrative privileges, determine what users need to do and then craft policies that let the users perform only those tasks. It is more secure to start with a minimum set of permissions and grant additional permissions as necessary. Do not start with permissions that are too lenient and then try to tighten them later.
Similar
- AWS Security Hub
- Internal
- ID: dec-c-1abf7265
- ID:
Similar Sections (Give Policies To)
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (1)
Policy | Logic Count | Flags |
---|---|---|
AWS IAM Policy allows full administrative privileges 🟢 | 1 | 🟢 x6 |
Internal Rules
Rule | Policies | Flags |
---|---|---|
dec-x-157aa4b9 | 1 | |