AWS Foundational Security Best Practice
IAM.21
IAM customer managed policies that you create should not allow wildcard actions for services
Severity: LOW
Cloud Platforms: AWS
Resources: AWS Identity and Access Management
This control checks whether the IAM identity-based custom policies have Allow statements that grant permissions for all actions on a service. The control fails if any policy statement includes "Effect": "Allow" with "Action": "Service:*".
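The check described above can be approximated locally before a policy is deployed. The following is an added example, not code from AWS or Security Hub: the function names and sample policies are constructed for illustration, and it assumes only the rule stated on this page (an Allow statement whose Action is `<service>:*`), so a bare `*` and prefix wildcards are deliberately not flagged.

```python
import json


def wildcard_service_actions(policy_document):
    """Return (statement label, action) pairs for Allow statements granting '<service>:*'."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):   # IAM accepts a single statement object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                   # Deny statements do not grant anything
        actions = stmt.get("Action", [])
        if isinstance(actions, str):   # Action may be a string or a list
            actions = [actions]
        for action in actions:
            service, sep, name = action.partition(":")
            if sep and service and name == "*":
                findings.append((stmt.get("Sid", f"statement[{index}]"), action))
    return findings


def control_passes(policy_document):
    """True when no Allow statement grants every action of a service."""
    return not wildcard_service_actions(policy_document)


# Constructed sample policies (not taken from a real account).
SAMPLE_FAILING = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "DenyIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:*", "s3:GetObject"], "Resource": "*"},
    ],
}
SAMPLE_PASSING = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow",
                  "Action": ["s3:GetObject", "s3:ListBucket"],
                  "Resource": "*"},
})

if __name__ == "__main__":
    for label, policy in (("failing", SAMPLE_FAILING), ("passing", SAMPLE_PASSING)):
        print(label, control_passes(policy), wildcard_service_actions(policy))
```

A policy that fails can be brought into line by replacing the `service:*` entry with the specific actions the principal needs.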