AWS IAM policy document has wildcard action statement.

Explanation

IAM profiles should be configured with the specific, minimum set of permissions required.

Insecure Example

The following example will fail the AWS046 check.

data "aws_iam_policy_document" "my-policy" {
	statement {
		sid = "1"

        actions = [
      		"*"
    	]
	}
}

Secure Example

The following example will pass the AWS046 check.

data "aws_iam_policy_document" "my-policy" {
	statement {
		sid = "1"

        actions = [
      		"s3:ListAllMyBuckets",
      		"ec2:DescribeInstances"
    	]
	}
}

Related Links