IAM Customer Managed Attached Policy Allows Admin Privileges
Overview
Check that no customer-managed IAM policies granting complete administrative privileges are attached. IAM policies assign privileges to users, groups, or roles. Following the best practice of least privilege, which grants only the permissions necessary for specific tasks, is advised and widely recognized as a security standard. Assess what actions users need to perform, then create policies tailored to those tasks, limiting permissions to the minimum rather than providing unrestricted administrative rights. Assigning full administrative privileges instead of confining access to the essential permissions exposes resources to potential risk.
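The check described above, as an added example (not part of the original page or any vendor's code). It assumes that "complete administrative privileges" means a statement with Effect Allow, Action "*" and Resource "*", and that a policy counts as attached when its AttachmentCount is above zero. The policy records are constructed sample data with the policy document embedded inline.

```python
# Added example: flag attached customer-managed policies that allow "*" on "*".
# Assumption: Condition blocks and service-level wildcards such as "iam:*"
# are not evaluated; only the literal "*" action on the "*" resource counts.

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_is_full_admin(stmt):
    """True when one statement allows every action on every resource."""
    if stmt.get("Effect") != "Allow":
        return False
    return ("*" in _as_list(stmt.get("Action"))
            and "*" in _as_list(stmt.get("Resource")))


def document_is_full_admin(document):
    """True when any statement in the policy document is full admin."""
    return any(statement_is_full_admin(s)
               for s in _as_list(document.get("Statement")))


def find_violations(policies):
    """Names of attached policies whose document grants full admin."""
    return [p["PolicyName"] for p in policies
            if p.get("AttachmentCount", 0) > 0
            and document_is_full_admin(p["Document"])]


ADMIN = {"Effect": "Allow", "Action": "*", "Resource": "*"}
S3_READ = {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
           "Resource": "*"}

# Constructed sample records (hypothetical policy names).
SAMPLE_POLICIES = [
    {"PolicyName": "ops-admin", "AttachmentCount": 2,
     "Document": {"Version": "2012-10-17", "Statement": ADMIN}},
    {"PolicyName": "unused-admin", "AttachmentCount": 0,
     "Document": {"Version": "2012-10-17", "Statement": [ADMIN]}},
    {"PolicyName": "s3-read", "AttachmentCount": 1,
     "Document": {"Version": "2012-10-17", "Statement": [S3_READ]}},
    {"PolicyName": "deny-all", "AttachmentCount": 1,
     "Document": {"Version": "2012-10-17",
                  "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}},
    {"PolicyName": "mixed", "AttachmentCount": 1,
     "Document": {"Version": "2012-10-17",
                  "Statement": [S3_READ, {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}},
]

if __name__ == "__main__":
    for name in find_violations(SAMPLE_POLICIES):
        print("FAIL", name)
```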
Vendor
AWS
Cloud Service
IAM
Related Controls
IAM.1
References
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Severity
4
Item Types
AWS::IAM::ManagedPolicy