Query: IAM policies should not allow full '*' administrative privileges
Description
This control checks whether the default version of an IAM policy (also known as a customer managed policy) grants administrator access, meaning it includes a statement with 'Effect': 'Allow' and 'Action': '*' over 'Resource': '*'. The control checks only the customer managed policies that you create. It does not check inline or AWS managed policies.
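The check described above, sketched in Python as an added example (not the query or code behind this control). The record layout (`name`, `default_version_document`) and the sample policies are constructed for illustration, and the sketch does not look at `Condition` blocks.

```python
import json

def _as_list(value):
    # IAM accepts a single string or object wherever a list is allowed.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def full_admin_statements(document):
    """Return statements with Effect Allow, Action '*' and Resource '*'."""
    doc = json.loads(document) if isinstance(document, str) else document
    hits = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # NotAction/NotResource statements carry no Action/Resource key and
        # are outside the wording of this control, so they never match here.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(stmt)
    return hits

def evaluate(policies):
    """Map each policy name to 'alarm' or 'ok' (record layout is hypothetical)."""
    return {p["name"]: "alarm" if full_admin_statements(p["default_version_document"]) else "ok"
            for p in policies}

# Constructed sample data: default-version documents of customer managed policies.
SAMPLE_POLICIES = [
    {"name": "admin-string-form", "default_version_document":
        '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}'},
    {"name": "admin-list-form", "default_version_document": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}},
    {"name": "s3-wildcard-only", "default_version_document": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}},
    {"name": "deny-everything", "default_version_document": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]}},
    {"name": "star-on-one-bucket", "default_version_document": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-bucket"}]}},
]

if __name__ == "__main__":
    for name, status in evaluate(SAMPLE_POLICIES).items():
        print(f"{status:5} {name}")
```

Only the two policies whose Allow statement pairs `*` actions with `*` resources are reported as `alarm`; the single-object and list spellings of `Statement`, `Action` and `Resource` are treated alike.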
Query
Tables used in this query:
Controls using this query:
- 1 IAM policies should not allow full '*' administrative privileges
- IAM policies should not allow full '*' administrative privileges