Ensure IAM policies that allow full ":" administrative privileges are not attached with control tower

LOW

Description

Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

Remediation

In AWS Console -

Sign in to the AWS Console and open the IAM Console.
Under Access Management, select Policies.
Expand the policy you wish to edit using the + symbol.
Select Edit and configure the policy accordingly.
Select Review policy, then Save.

In Terraform -

In the aws_iam_policy resource, update the policy field accordingly.

References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy#policy

Policy Details

Rule Reference ID: AC_AWS_0213

CSP: AWS

Remediation Available: Yes

Domain: Identity and Access Management

Resource: aws_iam_policy

Resource Category: Identity and Access Management (IAM)

Resource Type: Policy

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
SOC2
NY-DFS

Detections

Analytics

Ensure IAM policies that allow full ":" administrative privileges are not attached with control tower

LOW

Description

Remediation

Policy Details

Frameworks

Detections

Analytics

Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower

LOW

Description

Remediation

Policy Details

Frameworks

Ensure IAM policies that allow full ":" administrative privileges are not attached with control tower