
AWS Foundational Security Best Practice

IAM.21

IAM customer managed policies that you create should not allow wildcard actions for services

Severity: LOW

Cloud Platforms: AWS

Resources: AWS Identity and Access Management

This control checks whether the IAM identity-based custom policies have Allow statements that grant permissions for all actions on a service. The control fails if any policy statement includes "Effect": "Allow" with "Action": "Service:*".
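The check described above can be approximated offline against a policy document before it is deployed. The following is an added example, not AWS's own implementation of the control; the function names and both sample policies are constructed for illustration, and it flags only the pattern this page states (an Allow statement whose Action is exactly `service:*`).

```python
import json
import re

# Matches "<service>:*" exactly (e.g. "s3:*"). Partial wildcards such as
# "s3:Get*" and a bare "*" fall outside the wording on this page.
SERVICE_WILDCARD = re.compile(r"^[A-Za-z0-9-]+:\*$")

def as_list(value):
    """IAM accepts a single object or string where a list is also allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def wildcard_service_actions(policy_document):
    """Return (statement index, action) pairs matching the failing pattern."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for index, statement in enumerate(as_list(doc.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue  # Deny statements do not grant permissions
        for action in as_list(statement.get("Action")):
            if isinstance(action, str) and SERVICE_WILDCARD.match(action):
                findings.append((index, action))
    return findings

# Constructed sample: two Allow statements grant every action on a service.
FAILING_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}"""

# Constructed sample: the same access narrowed to named actions.
PASSING_POLICY = """{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"
  }
}"""

if __name__ == "__main__":
    for name, policy in (("failing", FAILING_POLICY), ("passing", PASSING_POLICY)):
        hits = wildcard_service_actions(policy)
        print(name, "FAILED" if hits else "PASSED", hits)
```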
