SES Policy allows actions for all principals

ID

aws_ses_policy_actions_all_principals

Severity

high

Vendor

AWS

Resource

IAM

Tags

reachable

Description

The SES policy allows actions for all principals, instead of granting permissions gradually as necessary. The flagged configuration is Effect=Allow with Principal="*".

To fix it, configure the actions for specific principals.

Learn more about this topic at AWS SES.

Examples

{
  "Version": "2012-10-17",
  "Statement":[{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "ses:PutIdentityPolicy"
  }]
}

Mitigation / Fix

{
  "Version": "2012-10-17",
  "Statement":[{
    "Effect": "Allow",
    "Principal": {
      "AWS":"arn:aws:iam::111122223333:root"
    },
    "Action": "ses:PutIdentityPolicy"
  }]
}
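
One way to check a policy document for this finding, as an added example that is not the rule's own implementation. The function and variable names are hypothetical, and the check goes slightly beyond the page by also matching the map form `{"AWS": "*"}` and a `Statement` given as a single object instead of a list.

```python
import json


def _as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for "Principal": "*" and for map forms such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def find_open_statements(policy_json):
    """Return (index, actions) for each Allow statement open to all principals."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements with a wildcard principal are not the issue
        if _is_wildcard_principal(stmt.get("Principal")):
            findings.append((i, _as_list(stmt.get("Action", []))))
    return findings


# The two policies shown on this page, embedded so the check runs offline.
FLAGGED = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": "*",
  "Action": "ses:PutIdentityPolicy"}]}"""

FIXED = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "ses:PutIdentityPolicy"}]}"""

if __name__ == "__main__":
    for name, doc in (("flagged", FLAGGED), ("fixed", FIXED)):
        hits = find_open_statements(doc)
        print(name, "->", hits if hits else "no wildcard-principal Allow statements")
```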