Query: Ensure IAM policy should not grant full access to service
Description
Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is non-compliant if the managed IAM policy allows full access to at least 1 AWS service.
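One way to express this check over a policy document, as an added example (not the query this page refers to). The function names and the sample policies are constructed for illustration, and it assumes that a bare `"*"` action is handled by a separate administrator-access check, so only `<service>:*` is flagged here.

```python
import json


def full_access_services(policy_document):
    """Return the service prefixes an IAM policy allows via '<service>:*'."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    services = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":  # Deny statements grant nothing
            continue
        # Statements that use NotAction have no "Action" key and are skipped here.
        actions = stmt.get("Action", [])
        if isinstance(actions, str):       # Action may be a string or a list
            actions = [actions]
        for action in actions:
            service, sep, name = action.partition(":")
            # Assumption: bare "*" (no service prefix) is out of scope for this check.
            if sep and service and name == "*":
                services.add(service.lower())  # action names are case-insensitive
    return sorted(services)


def is_compliant(policy_document):
    """Non-compliant if full access is allowed to at least 1 AWS service."""
    return not full_access_services(policy_document)


# Constructed sample policies (not taken from any real account).
SAMPLE_POLICIES = {
    "wildcard-list": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["S3:*", "ec2:DescribeInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}]},
    "scoped": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}},
    "deny-only": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, doc in SAMPLE_POLICIES.items():
        status = "ok" if is_compliant(doc) else "alarm"
        print(f"{name}: {status} {full_access_services(doc)}")
```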
Query
Tables used in this query:
Controls using this query:
- 21 IAM customer managed policies that you create should not allow wildcard actions for services
- Ensure IAM policy should not grant full access to service