Risk Level: High
Cloud Entity: IAM Group
CloudGuard Rule ID: D9.CFT.IAM.34
Covered by Spectral: Yes
Category: Security, Identity, & Compliance
AWS_IAM_Group should not have Policies contain-any [ PolicyDocument.Statement contain-any [ Effect = 'Allow' and Resource='*' and Action = '*'] ]
Set AWS::IAM::Group Resource and Action elements in
Policies.PolicyDocument.Statement to a specific resources and actions.
An IAM group is an entity that you create in AWS to represent a group of users. A group can have permissions associated with it.
- AWS CloudFormation ruleset
Updated 3 months ago