Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy

HIGH

Description

Few actions ('iam:passrole', 'lambda:createfunction', 'lambda:invokefunc*'), will increase the probability of privilege escalation.

Remediation

In AWS Console -

Sign in to the AWS Console and open the IAM Console.
Under Access Management, select Roles.
Choose the role you wish to edit.
Under Permissions policies, expand the policy you wish to edit using the + symbol.
Select Edit and configure the policy accordingly.
Select Review policy, then Save.

In Terraform -

In the aws_iam_role_policy resource, update the assume_role_policy field accordingly.

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy

Policy Details

Rule Reference ID: AC_AWS_0462

CSP: AWS

Remediation Available: Yes

Domain: Identity and Access Management

Resource: aws_iam_role_policy

Resource Category: Identity and Access Management (IAM)

Resource Type: Policy

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF