AWS046 - AWS IAM policy document has wildcard action statement.

Written by tfsec

Explanation

IAM profiles should be configured with the specific, minimum set of permissions required.

Insecure Example

The following example will fail the AWS046 check.

data "aws_iam_policy_document" "bad_example" {
	statement {
		sid = "1"

        actions = [
      		"*"
    	]
	}
}

Secure Example

The following example will pass the AWS046 check.

data "aws_iam_policy_document" "good_example" {
	statement {
		sid = "1"

        actions = [
      		"s3:ListAllMyBuckets",
      		"ec2:DescribeInstances"
    	]
	}
}

---