IAM Customer Managed Unattached Policy Allows Admin Privileges

Overview

Ensure that no IAM policies grant full administrative privileges, as there might be eventual consistency concerns if a temporary resource is using such permissions. IAM policies assign privileges to users, groups, or roles. Following the principle of least privilege, that is, granting only the permissions needed for a specific task, is recommended and widely recognized as a security standard. Assess what actions users need to perform, then create policies tailored to those tasks, limiting permissions to the minimum instead of providing unrestricted administrative rights. Assigning full administrative privileges instead of confining access to the essential permissions exposes resources to potential risk.
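The check described above can be expressed as a small evaluator over policy documents. This is an added example, not code from this page or from the vendor: it assumes "full administrative privileges" means a statement with `Effect: Allow`, `Action: "*"` and `Resource: "*"`, and it runs on constructed records that carry a `PolicyName`, an `AttachmentCount` and a hypothetical `Document` field holding the policy's default version.

```python
import json

def _as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def admin_statements(document):
    """Return the statements that allow every action on every resource."""
    if isinstance(document, str):  # documents are often stored as JSON text
        document = json.loads(document)
    hits = []
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant privileges
        # Statements using NotAction/NotResource have no Action/Resource
        # key and are deliberately not matched by this narrow check.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(stmt)
    return hits

def unattached_admin_policies(policies):
    """Names of policies with no attachments whose document grants full admin."""
    return [p["PolicyName"] for p in policies
            if p.get("AttachmentCount", 0) == 0 and admin_statements(p["Document"])]

# Constructed sample records (assumed shape, not taken from the page).
SAMPLE_POLICIES = [
    {"PolicyName": "legacy-admin", "AttachmentCount": 0,
     "Document": {"Version": "2012-10-17",
                  "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}},
    {"PolicyName": "s3-read", "AttachmentCount": 0,
     "Document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}},
    {"PolicyName": "deny-all", "AttachmentCount": 0,
     "Document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Deny", "Action": "*", "Resource": "*"}]}},
    {"PolicyName": "attached-admin", "AttachmentCount": 2,
     "Document": '{"Version":"2012-10-17","Statement":'
                 '[{"Effect":"Allow","Action":["*"],"Resource":["*"]}]}'},
]

if __name__ == "__main__":
    print(unattached_admin_policies(SAMPLE_POLICIES))
```

The single-object `Statement` in the first record and the JSON-string document in the last are included because both forms occur in practice and a check that only handles lists of dicts will miss them.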

Vendor

AWS

Cloud Service

IAM

IAM.1

References

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Severity

2

Item Types

AWS::IAM::ManagedPolicy