IAM policies should avoid using wildcards

  • GG_ID: GG_IAC_0051
  • Severity: HIGH
  • Complexity: MEDIUM
  • Categories: PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

Identity and access management (IAM) ensures that the right people and job roles in the organization can access the tools they need for their tasks. IAM policies define the permissions granted on resources. An overly permissive policy, such as one using the `*` wildcard in its actions or resources, can grant access to resources or actions that were never intended.

Impact

Misconfigured permissions or direct access to storage drives can lead to a data leak.

Remediation guidelines

Replace the wildcard `*` permissions in the configuration file with only the actions and resources required to perform the task. Start with a minimum set of permissions and grant additional permissions as necessary.
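As an added illustration (not part of this page or of GitGuardian's own checker), the snippet below shows a policy document of the shape this rule flags next to a least-privilege rewrite of the same intent, and a small check that reports the wildcards. The bucket name is a placeholder and both policy documents are constructed samples.

```python
import json

# Constructed sample, not from the page: a service-wide Action wildcard with Resource "*".
WILDCARD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}"""

# The same intent (read reports from one bucket) granting only the actions
# and resources the task needs; the bucket name is a placeholder.
SCOPED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports-bucket",
                   "arn:aws:s3:::example-reports-bucket/*"]
    }
  ]
}"""


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcards(policy):
    """Return (statement_index, field, value) for each wildcard in an Allow
    statement: any '*' in an Action ('*', 's3:*', 's3:Get*'); for Resource only
    a bare '*', since 'arn:aws:s3:::bucket/*' is how a grant is confined to one bucket."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((i, "Action", action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((i, "Resource", resource))
    return findings
```

Running `find_wildcards` over the first document reports both the `s3:*` action and the `*` resource, while the scoped rewrite produces no findings; Deny statements are skipped because a wildcard there narrows rather than widens access.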

External documentation