Restrict IAM asterisk action

Severity
High

This detector flags IAM policy documents that use the asterisk (`*`) as an action in a statement. Make sure IAM policy documents do not permit the use of the asterisk as an action, because `"Action": "*"` grants every API operation of every service on the listed resources.

Detector ID
terraform/restrict-iam-asterisk-action-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Noncompliant: the asterisk action grants every API operation of every service.
  statement {
    actions = ["*"]
    effect  = "Allow"
    resources = [
      "*"
    ]
  }
}

Compliant example

data "aws_iam_policy_document" "policy" {
  version = "2012-10-17"

  # Compliant: the action is scoped to a single service instead of the bare asterisk.
  statement {
    actions = ["S3:*"]
    effect  = "Allow"
    resources = [
      "*"
    ]
  }
}
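The same check can be applied to the JSON that an `aws_iam_policy_document` data source renders (its `json` attribute) or to any IAM policy document exported from an account. The following Python is an added example, not CodeGuru's own implementation: it walks every statement, normalizes the string-or-list forms IAM accepts for `Statement` and `Action`, and reports Allow statements whose action is the bare asterisk. The sample policy is constructed here and mirrors the noncompliant and compliant examples above; skipping Deny statements is this example's choice, since a `Deny *` narrows privilege rather than granting it.

```python
import json

# Constructed sample: the JSON form of the noncompliant statement above
# (Action "*"), a service-scoped statement like the compliant example, and a
# Deny-all statement that should not be reported.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "S3Only", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Sid": "DenyAll", "Effect": "Deny", "Action": ["*"], "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM allows either a single string or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_action_statements(policy_json: str) -> list:
    """Return the Sid (or positional label) of every Allow statement whose
    Action contains the bare asterisk. Deny statements are skipped on purpose
    (the example's choice, not a rule stated by the detector page)."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if any(action.strip() == "*" for action in actions):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


if __name__ == "__main__":
    for sid in find_wildcard_action_statements(SAMPLE_POLICY):
        print(f"wildcard action in statement {sid}")
```

Only the `Admin` statement is reported; `s3:*` is a service-scoped wildcard rather than the bare asterisk, so it passes this particular check even though it still merits review on its own.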