IAM policy has granted full permissions to resources

ID

aws_iam_policy_grants

Severity

high

Vendor

AWS

Resource

IAM

Tags

reachable

Description

The IAM policy grants full permissions on resources instead of granting only the permissions that are actually needed. The flagged configuration is Effect=Allow with Action="*".

To fix it, list the specific actions that should be allowed in the Action property.

Learn more about this topic at AWS IAM policy.

Examples

{
   "Version": "2012-10-17",
   "Statement":[{
      "Effect": "Allow",
      "Action": "logs:*",
      "Resource": "*"
   }]
}

Mitigation / Fix

{
   "Version": "2012-10-17",
   "Statement":[{
      "Effect": "Allow",
      "Action": "logs:PutRetentionPolicy",
      "Resource": "*"
   }]
}
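
The following is an added example, not the scanner's own rule implementation: a small Python check that flags Allow statements whose Action is "*" or a service-wide wildcard such as "logs:*", run over the two policies above and one constructed policy. The function name `wildcard_allow_findings` and the constructed policy are assumptions made for illustration.

```python
import json

# The two policies shown on this page, plus one constructed for illustration.
EXAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]}"""
FIXED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "logs:PutRetentionPolicy", "Resource": "*"}]}"""
CONSTRUCTED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"], "Resource": "*"}]}"""


def wildcard_allow_findings(policy_json):
    """Return (statement_index, action) for every Allow statement whose
    Action is "*" or a whole-service wildcard such as "logs:*".

    Partial wildcards such as "logs:Put*" are not reported by this check.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # Statement may be a single object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant anything
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # Action may be a string or a list
            actions = [actions]
        for action in actions:
            _, _, name = action.partition(":")
            if action == "*" or name == "*":
                findings.append((index, action))
    return findings


if __name__ == "__main__":
    for label, doc in (("example", EXAMPLE_POLICY),
                       ("fix", FIXED_POLICY),
                       ("constructed", CONSTRUCTED_POLICY)):
        print(label, wildcard_allow_findings(doc))
```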