An IAM policy that allows full '*-*' administrative privileges (effect "Allow" with action "*" on resource "*") has been detected. Prohibit the creation of IAM policies that allow full '*-*' administrative privileges.
data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Noncompliant: effect "Allow" on actions ["*"] over resources ["*"] is the
  # full "*-*" administrative grant this rule flags.
  statement {
    effect    = "Allow"
    actions   = ["*"]
    resources = ["*"]
  }
}
data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Compliant for this rule: actions are limited to a single service prefix
  # instead of "*". Note that "S3:*" on every resource is still broad; narrow
  # the actions and resources further to what the caller actually needs.
  statement {
    effect    = "Allow"
    actions   = ["S3:*"]
    resources = ["*"]
  }
}