Severity: Low | Service: IAM

IAM customer managed policies that you create should not allow wildcard actions for services

CIS, PCI DSS, NIST, ISO 27001

Description

Checks whether IAM customer managed policies contain statements with 'Effect': 'Allow' that specify 'Action': 'Service:*' or 'NotAction': 'Service:*' (for example 's3:*'), i.e. statements that grant every action of a service rather than the specific actions that are needed.

Remediation

To modify an IAM customer managed policy to remove wildcard actions for services, follow these steps:

Steps

  1. Log in to the AWS Management Console.
  2. Navigate to the IAM Dashboard at https://console.aws.amazon.com/iam/.
  3. In the navigation pane, click on 'Policies'.
  4. Search for and select the customer managed policy that needs modification.
  5. Click on the policy name to view its details.
  6. Click on 'Policy Actions' and select 'Edit policy'.
  7. In the policy editor, locate any statements that include 'Effect': 'Allow', 'Action': 'Service:*'.
  8. Modify these statements to specify more granular permissions instead of using wildcards. For example, replace 'Service:*' with specific actions required for the service.
  9. Review the policy changes to ensure they align with your organization's security policies and requirements.
  10. Click 'Review policy' and then 'Save changes'.
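The check from the description and the replacement in step 8, as an added Python example that is not part of this page or of any vendor tooling: the detector walks a policy document, flags 'Allow' statements whose Action or NotAction is a service wildcard (it also flags a bare '*', which is broader than the page's check), and the two constructed policies show the wildcard grant beside its corrected form.

```python
import json
import re

# Matches a service-level wildcard such as "s3:*" or "iam:*"; a bare "*" is flagged too.
SERVICE_WILDCARD = re.compile(r"^(\*|[a-z0-9-]+:\*)$", re.IGNORECASE)

def _as_list(value):
    """IAM accepts a single string or a list for Action/NotAction/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_wildcard_actions(policy_document):
    """Return (statement index, field, action) for every 'Allow' statement whose
    Action or NotAction is a service wildcard, mirroring the check described above.
    Deny statements are skipped: a wildcard there restricts rather than grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "NotAction"):
            for action in _as_list(stmt.get(field)):
                if SERVICE_WILDCARD.match(action):
                    findings.append((idx, field, action))
    return findings

# Constructed sample policies (not from the page): the weak one grants every S3
# action, the corrected one lists only the actions the workload needs (step 8).
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::other-bucket/*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}
  ]
}""")

FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::example-bucket/*"
  }]
}""")

if __name__ == "__main__":
    print(find_wildcard_actions(WEAK_POLICY))   # [(0, 'Action', 's3:*'), (2, 'NotAction', 'iam:*')]
    print(find_wildcard_actions(FIXED_POLICY))  # []
```

The same function can be run over the output of `get-policy-version` for each customer managed policy in an account to produce the findings this check reports.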

Compliance

CIS, PCI DSS, NIST, ISO 27001