Overly permissive access is granted by the AWS route table with VPC peering to all traffic. Make sure that AWS Database Migration Service endpoints have SSL configured.
data "aws_iam_policy_document" "task_policy" {
  version = "2012-10-17"

  statement {
    effect = "Allow"

    # Noncompliant: a bare "*" in actions allows every API action that can be
    # evaluated against the resources below, not only the operations the task
    # actually performs. Least privilege means naming those actions instead.
    actions = ["*"]

    # Scope is the objects inside my_corporate_bucket (the "/*" suffix);
    # bucket-level operations would need the bucket ARN itself.
    resources = ["arn:aws:s3:::my_corporate_bucket/*"]
  }
}
data "aws_iam_policy_document" "task_policy" {
  version = "2012-10-17"

  statement {
    effect = "Allow"

    # Compliant: the action carries a service prefix, so nothing outside S3 is
    # granted. Note that "s3:*" still covers every S3 operation on the objects
    # below, deletion included; a tighter policy lists only the actions the
    # task needs (for example "s3:GetObject", "s3:PutObject").
    actions = ["s3:*"]

    # Object-level ARN: applies to the contents of my_corporate_bucket only.
    resources = ["arn:aws:s3:::my_corporate_bucket/*"]
  }
}