IAM Policy Allows Overly Permissive Role Assumption

Overview

Checks whether a customer managed IAM policy allows any role to be assumed (i.e. a resource of * combined with an action of sts:AssumeRole). If role assumption is not properly restricted, this could lead to unwanted access. To avoid this security risk, follow the principle of least privilege when assigning permissions.
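The check described above can be expressed as a small policy-document scan. This is an added example, not the vendor's own implementation; it goes slightly beyond the literal case by also matching wildcard actions that cover sts:AssumeRole (such as sts:* or *). The function names, the sample policies and the role ARN are constructed for illustration.

```python
import json
import re

# Constructed sample policy documents (not taken from any real account).
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws:iam::123456789012:role/example-deploy-role"}]}


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action="sts:AssumeRole"):
    """Action patterns are case-insensitive; '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def overly_permissive_statements(policy_document):
    """Return Allow statements that grant sts:AssumeRole on Resource '*'.

    Statements using NotAction or NotResource are not evaluated here.
    """
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    findings = []
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        grants_assume = any(_action_matches(a) for a in _as_list(stmt.get("Action")))
        any_resource = "*" in _as_list(stmt.get("Resource"))
        if grants_assume and any_resource:
            findings.append(stmt)
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        hits = overly_permissive_statements(doc)
        print(f"{name}: {'FAIL' if hits else 'PASS'} ({len(hits)} statement(s))")
```

A finding means the identity policy places no limit on which roles may be requested; whether a given assumption succeeds still depends on the target role's trust policy.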

Vendor

AWS

Cloud Service

IAM

References

https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

Severity

5

Item Types

AWS::IAM::ManagedPolicy