turbot/aws_compliance

Control: IAM unattached custom policy should not have statements with admin access

Description

AWS Identity and Access Management (IAM) can help you incorporate the principles of least privilege and separation of duties with access permissions and authorizations, restricting policies from containing 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*'.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.iam_custom_policy_unattached_no_star_star

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.iam_custom_policy_unattached_no_star_star --share

SQL

This control uses a named query:

iam_custom_policy_unattached_no_star_star

Tags