
IAM.1

IAM policies should not allow full "*" administrative privileges

Severity: HIGH

Cloud Platforms: AWS

Resources: AWS Identity and Access Management

Related Standards: AWS CIS Foundations v1.2 & v1.4, AWS Foundational Best Practice, AWS Well-Architected, AWS Foundational Technical Review, PCI DSS v3.2.1, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5

Automated: YES

This AWS control checks that the default version of AWS Identity and Access Management (IAM) policies (also known as customer managed policies) does not grant administrator access through a statement that has "Effect": "Allow" with "Action": "*" over "Resource": "*". It checks only the customer managed policies that you created, not inline policies or AWS managed policies.
