Query: IAM roles should not have cross-account write access policies

Description

This control checks whether IAM roles have policies that allow write access to resources in other AWS accounts. Such policies can pose a security risk as they may allow unauthorized access to resources in other accounts.

Query

Tables used in this query:

• aws_iam_policy
• aws_iam_role

Controls using this query:

• IAM roles should not have cross-account write access policies

SQL