Risk Level: High
Cloud Entity: IAM Role
CloudGuard Rule ID: D9.CFT.IAM.29
Covered by Spectral: No
Category: Security, Identity, & Compliance
AWS_IAM_Role should not have Policies contain-any [ PolicyDocument.Statement contain-any [ Effect='Allow' and Resource='*' ] ]
Set Policies.PolicyDocument.Statement.Resource to a restrictive set of resources.
An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.
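The rule logic above, sketched as an offline check over a CloudFormation template in JSON form. This is an added example, not CloudGuard's own code: the template, the role names and the `wildcard_roles` helper are constructed for illustration, and the check goes slightly beyond the rule text by also matching a `Resource` list that contains `*`.

```python
import json

# Constructed sample template (not from the page): a wildcard Allow, a scoped
# Allow, and a wildcard Deny (which the rule does not flag).
TEMPLATE = json.loads("""
{"Resources": {
  "WideRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "wide", "PolicyDocument": {"Statement":
      {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}}}]}},
  "ScopedRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "scoped", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "s3:GetObject",
       "Resource": ["arn:aws:s3:::example-bucket/*"]}]}}]}},
  "DenyRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "deny-all", "PolicyDocument": {"Statement": [
      {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}}]}}
}}
""")


def as_list(value):
    """IAM allows Statement and Resource to be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_roles(template):
    """Return (logical_id, policy_name) for every inline role policy that
    has an Allow statement whose Resource is '*'."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        for policy in as_list(res.get("Properties", {}).get("Policies")):
            statements = as_list(policy.get("PolicyDocument", {}).get("Statement"))
            if any(s.get("Effect") == "Allow" and "*" in as_list(s.get("Resource"))
                   for s in statements):
                findings.append((logical_id, policy.get("PolicyName")))
    return findings


if __name__ == "__main__":
    for role, policy in wildcard_roles(TEMPLATE):
        print(f"{role}: inline policy '{policy}' allows Resource '*'")
```

Only inline `Policies` on the role are inspected, matching the rule; managed policies attached through `ManagedPolicyArns` are out of its scope.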
- AWS CloudFormation ruleset
Updated 3 months ago