IAM policies should avoid using wildcards
- GG_ID: GG_IAC_0051
- Severity: HIGH
- Complexity: MEDIUM
- Categories: PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description

Identity and access management (IAM) ensures that the right people and job roles in the organization can access the tools they need for their tasks. IAM policies define the permissions to resources. An overly permissive policy could grant access to undesired resources or actions.

# Impact

Misconfigured permissions or direct access to storage drives can lead to a data leak.

# Remediation guidelines

Replace the wildcard `*` permissions in the configuration file to grant only the permissions required to perform a task. Start with a minimum set of permissions and grant additional permissions as necessary.
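As an added illustration (not GitGuardian's own detection logic), the check below parses an IAM policy document and reports Allow statements that grant through a wildcard; the two policies are constructed samples, one over-permissive and one scoped to the task, and the bucket name `example-bucket` is a placeholder.

```python
import json

# Constructed sample: wildcard Action and Resource (the pattern this rule flags),
# plus a second statement with a partial action wildcard.
WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample: the same intent restricted to the actions and
# resources the task actually needs (least privilege).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
    ],
})


def _as_list(value):
    """IAM accepts either a single string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_statements(policy_json):
    """Return (statement index, field, value) for each Allow statement that
    uses a wildcard in Action (full or partial, e.g. 's3:Get*') or grants
    Resource '*'. A trailing '*' on an S3 object-key ARN (bucket/*) is the
    normal way to address objects in a bucket and is not reported.
    """
    findings = []
    policy = json.loads(policy_json)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a wildcard in a Deny statement does not widen access
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((idx, "Action", action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "Resource", resource))
    return findings
```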