turbot/aws_compliance

Control: IAM policy should not grant full access to cloudtrail service

Description

CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular. This control is non-compliant if the managed IAM policy allows full access to cloudtrail service.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_cloudtrail

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_cloudtrail --share

SQL

This control uses a named query:

iam_policy_no_full_access_to_cloudtrail

Tags