iam-policy-no-statements-with-full-access - AWS Config

iam-policy-no-statements-with-full-access

Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is NON_COMPLIANT if the managed IAM policy allows full access to at least 1 AWS service.

Identifier: IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.