AWS IAM policy document has wildcard action statement.
Explanation
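IAM policies should be configured with the specific, minimum set of permissions required. A statement whose actions list is "*" allows every action, which is the opposite of least privilege.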
Insecure Example
The following example will fail the AWS046 check.
data "aws_iam_policy_document" "my-policy" {
  statement {
    sid = "1"
    # Wildcard: matches every action
    actions = [
      "*"
    ]
  }
}
Secure Example
The following example will pass the AWS046 check.
data "aws_iam_policy_document" "my-policy" {
  statement {
    sid = "1"
    # Only the specific actions that are needed
    actions = [
      "s3:ListAllMyBuckets",
      "ec2:DescribeInstances"
    ]
  }
}
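
The same rule applied to a rendered policy, as an added example (not the check's own implementation and not code from this page): the function scans policy JSON for Allow statements whose Action is "*". It goes slightly beyond the page by also reporting partial wildcards such as `s3:Get*` and by skipping Deny statements; the function name, labels and sample policy are constructed for illustration.

```python
import json


def wildcard_action_findings(policy_json):
    """Return (sid, action, kind) tuples for Allow statements with wildcard actions."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # Statement may be one object or a list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":  # a wildcard Deny grants nothing
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):       # Action may be a string or a list
            actions = [actions]
        sid = stmt.get("Sid", f"statement[{index}]")
        for action in actions:
            if action == "*":
                findings.append((sid, action, "full-wildcard"))
            elif "*" in action:            # e.g. "s3:*" or "s3:Get*"
                findings.append((sid, action, "partial-wildcard"))
    return findings


# Constructed sample policy: Sid 1 and Sid 2 mirror the two examples on this page.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "1", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "2", "Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "ec2:DescribeInstances"],
         "Resource": "*"},
        {"Sid": "3", "Effect": "Allow", "Action": ["s3:Get*"], "Resource": "*"},
        {"Sid": "4", "Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for sid, action, kind in wildcard_action_findings(SAMPLE_POLICY):
        print(f"Sid {sid}: action {action!r} is a {kind}")
```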