[IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services

Contextual name: [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services
ID: /frameworks/aws-fsbp-v1.0.0/iam/21
Located in: Identity and Access Management (IAM)
Description
When you assign permissions to AWS services, it is important to scope the IAM actions allowed in your IAM policies. Restrict IAM actions to only those that are needed; this provisions least-privilege permissions. Overly permissive policies can lead to privilege escalation if they are attached to an IAM principal that does not require the permission.
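As an added illustration (not part of this framework entry or of AWS Security Hub's own check implementation), the following Python snippet shows the pattern the control describes and a simple way to detect it in a policy document before it is created: an Allow statement whose Action is `*` or `service:*` grants every action on a service, while the scoped variant lists only the actions the workload needs. The two policy documents are constructed samples; the bucket, table and account ID in them are placeholders.

```python
import json

# Constructed sample: a customer managed policy that grants every action on
# two services (the wildcard pattern this control is about).
OVERLY_PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
})

# Constructed sample: the same workload, scoped to the actions it needs.
# Resource ARNs use placeholder names and the documentation account ID.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/example-table"},
    ],
})


def _as_list(value):
    """Policy fields such as Statement and Action may be a string, a list, or absent."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_service_wildcard(action: str) -> bool:
    """True for a bare '*' or 'service:*', i.e. every action on a service.
    Partial wildcards such as 's3:Get*' are narrower and are not flagged here."""
    if action == "*":
        return True
    _service, sep, name = action.partition(":")
    return sep == ":" and name == "*"


def find_service_wildcards(policy_document: str):
    """Return (statement index, action) pairs for Allow statements that grant every
    action on a service. Deny statements are skipped because a Deny never expands
    permissions; NotAction statements need separate review and are not handled."""
    doc = json.loads(policy_document)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if is_service_wildcard(action):
                findings.append((idx, action))
    return findings


def policy_passes(policy_document: str) -> bool:
    """A policy passes this check when no Allow statement uses a service-wide wildcard."""
    return not find_service_wildcards(policy_document)


if __name__ == "__main__":
    print("permissive:", find_service_wildcards(OVERLY_PERMISSIVE_POLICY))
    print("scoped passes:", policy_passes(SCOPED_POLICY))
```

Running such a check in a pre-deployment pipeline (for example against the policy JSON in infrastructure-as-code templates) catches the wildcard before the policy exists in the account, rather than after Security Hub reports the failed finding.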
Similar
- AWS Security Hub
- Internal
- ID: dec-c-a4276be8
- ID:
Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
NIST SP 800-53 Revision 5 → AC-2 Account Management | 13 | 17 | 30 |
NIST SP 800-53 Revision 5 → AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | |
NIST SP 800-53 Revision 5 → AC-3 Access Enforcement | 15 | 4 | 17 |
NIST SP 800-53 Revision 5 → AC-3(7) Access Enforcement _ Role-based Access Control | 7 | | |
NIST SP 800-53 Revision 5 → AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 10 | | |
NIST SP 800-53 Revision 5 → AC-5 Separation of Duties | 1 | | |
NIST SP 800-53 Revision 5 → AC-6 Least Privilege | 10 | 21 | 26 |
NIST SP 800-53 Revision 5 → AC-6(2) Least Privilege _ Non-privileged Access for Nonsecurity Functions | 4 | 4 | |
NIST SP 800-53 Revision 5 → AC-6(3) Least Privilege _ Network Access to Privileged Commands | 2 | | |
NIST SP 800-53 Revision 5 → AC-6(10) Least Privilege _ Prohibit Non-privileged Users from Executing Privileged Functions | 2 | | |
Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---