Ensure that roles defined in Serverless Framework files should not have policies granting full administrative privileges
It is important to avoid having '*' in the resource in the serverless framework IAM role because this can grant too much access to your Lambda functions and expose them to potential security risks. Instead, it is recommended to specify the exact resources your functions need to interact with and limit the actions they can perform on those resources.
Risk Level: high
Platform: AWS Serverless
Spectral Rule ID: SLFW003
REMEDIATION
Change in statements.Resource
set to the '*' to a specific definition
service: service
frameworkVersion: '2'
provider:
name: aws
runtime: nodejs12.x
iam:
role:
name: custom-role-name
statements:
- Effect: 'Allow'
- Resource: '*'
+ Resource: 'arn:aws:s3:::my-bucket-name/example'
Action: 'iam:DeleteUser'
Read more:
Updated over 1 year ago