AWS IAM policy permits full administrative privileges. Make sure that the AWS IAM policy does not grant full administrative privileges.
# Noncompliant example: the description promises a narrow read-only grant, but the
# policy document below allows every action on every resource.
resource "aws_iam_policy" "ec2_pricing" {
  name        = "ec2_pricing"
  description = "allow access to ec2 instance types and pricing information"
  path        = "/"
  policy = jsonencode({
    Version = "2012-10-17"
    # Noncompliant: a statement with Effect "Allow", Action "*" and Resource "*" grants
    # full administrative privileges (the same grant as the AWS-managed AdministratorAccess
    # policy). Any principal attached to this policy can do anything in the account,
    # including escalating or modifying IAM itself.
    Statement = [
      {
        Effect = "Allow"
        # Wildcard action: every API action of every service.
        Action = [
          "*"
        ],
        # Wildcard resource: every ARN in the account.
        Resource = "*"
      }
    ]
  })
  tags = {
    Terraformed = "true"
  }
}
# Compliant example: the same resource, but the policy document enumerates the
# specific read actions the description asks for instead of "*".
resource "aws_iam_policy" "ec2_pricing" {
  name        = "ec2_pricing"
  description = "allow access to ec2 instance types and pricing information"
  path        = "/"
  policy = jsonencode({
    Version = "2012-10-17"
    # Compliant: no statement grants Action "*" together with Resource "*"; the
    # allowed actions are listed explicitly (least privilege).
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "ec2:DescribeInstanceTypes",
          "ec2:DescribeRegions",
          # Service-level wildcard: grants every Price List API action. Still far narrower
          # than "*", but listing the individual pricing actions the caller needs keeps the
          # grant explicit — confirm which ones are actually used.
          "pricing:*",
          # NOTE(review): this ElastiCache action is outside the "ec2 instance types and
          # pricing" scope stated in the description — confirm it is required, otherwise
          # drop it or update the description.
          "elasticache:DescribeEngineDefaultParameters"
        ],
        # Resource "*" is acceptable here only because the actions above are Describe/
        # pricing read calls, which (as far as IAM is concerned) do not support
        # resource-level ARNs — verify each action in the Service Authorization Reference
        # before reusing this pattern with other actions.
        Resource = "*"
      }
    ]
  })
  tags = {
    Terraformed = "true"
  }
}