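This rule detects IAM policy documents that use an asterisk as an action in a statement. A bare `*` action in an `Allow` statement grants every API action of every service, which amounts to administrative access. Make sure IAM policy documents do not permit the use of an asterisk as an action in statements.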
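data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Noncompliant: a bare "*" action in an Allow statement grants every API
  # action of every service. Combined with resources = ["*"] this is full
  # administrative access, which is the pattern this rule flags.
  statement {
    actions = ["*"]
    effect  = "Allow"
    resources = [
      "*"
    ]
  }
}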
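data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Compliant: the action is limited to a single service (S3) rather than a
  # bare "*", so the statement does not grant administrative privileges.
  # NOTE(review): "S3:*" with resources = ["*"] still allows every S3
  # operation on every bucket. For least privilege, list only the actions
  # the principal needs and scope resources to specific ARNs.
  statement {
    actions = ["S3:*"]
    effect  = "Allow"
    resources = [
      "*"
    ]
  }
}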