High IAM

IAM policies should not allow full administrative privileges

CIS, ISO 27001, HIPAA

Description

Checks whether any IAM policy in the account grants full administrative privileges, that is, whether it contains a statement with "Effect": "Allow", "Action": "*" and "Resource": "*". Such a statement allows every action on every resource, which is the same level of access as an account administrator.

Remediation

To modify IAM policies that grant full administrative privileges, follow these steps:

Steps

  1. Sign in to the AWS Management Console with an account that has IAM permissions.
  2. Open the IAM console at https://console.aws.amazon.com/iam/.
  3. In the navigation pane, select 'Policies'.
  4. Identify policies with full administrative privileges. These are policies with statements that allow all ('*') actions on all ('*') resources.
  5. Select a policy to edit. Click on the policy name to open its summary page.
  6. Click on 'Edit policy'.
  7. Modify the policy to restrict permissions. Avoid using statements that allow all actions on all resources.
  8. Review the changes and click 'Review policy'.
  9. Provide a name and description for the policy version, and click 'Create policy version'.
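The following added example (not part of the original rule page or of any scanner's own code) implements the check described above and shows what a remediated policy from step 7 looks like next to the offending one. It operates on policy documents as plain dicts or JSON strings; all policy documents, the policy names and the bucket ARN are constructed placeholders. It handles the forms IAM permits that a naive string comparison would miss: Action and Resource given as a list rather than a string, and a single Statement object instead of a list. A Deny statement on "*"/"*" is treated as compliant, since it restricts rather than grants access.

```python
"""Flag IAM policy documents that grant full administrative privileges."""
import json
from typing import Any, Iterable, Union

PolicyDoc = Union[str, dict]


def _as_list(value: Any) -> list:
    """IAM lets Action and Resource be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _has_bare_wildcard(values: Iterable[Any]) -> bool:
    """True if any element is exactly "*" (the unrestricted form the check looks for)."""
    return any(isinstance(v, str) and v.strip() == "*" for v in values)


def find_full_admin_statements(policy: PolicyDoc) -> list:
    """Return every statement with Effect Allow, Action "*" and Resource "*".

    Accepts the document as a dict (as boto3's get_policy_version returns it)
    or as a JSON string (as the CLI prints it). Deny statements and statements
    scoped to specific actions or resources are skipped. A Condition block does
    not exempt a statement: the check is purely structural, as the rule describes.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    offending = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if _has_bare_wildcard(_as_list(stmt.get("Action"))) and _has_bare_wildcard(
            _as_list(stmt.get("Resource"))
        ):
            offending.append(stmt)
    return offending


def grants_full_admin(policy: PolicyDoc) -> bool:
    """True if the policy fails the check (contains at least one Allow */* statement)."""
    return bool(find_full_admin_statements(policy))


def audit(policies: dict) -> dict:
    """Map policy name -> number of full-admin statements, for a batch of documents."""
    return {name: len(find_full_admin_statements(doc)) for name, doc in policies.items()}


# --- Constructed sample policy documents (placeholders, not real account data) ---

FULL_ADMIN_POLICY = {  # the exact pattern the check flags
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

LIST_FORM_POLICY = {  # same privilege written with lists and a single Statement object
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["s3:GetObject", "*"], "Resource": ["*"]},
}

DENY_ALL_POLICY = {  # Effect Deny on */* is a guard rail, not administrative access
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}],
}

SCOPED_POLICY = {  # the kind of least-privilege rewrite step 7 asks for
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",  # placeholder bucket name
                "arn:aws:s3:::example-bucket/*",
            ],
        }
    ],
}

FULL_ADMIN_POLICY_JSON = json.dumps(FULL_ADMIN_POLICY)  # the CLI/JSON form of the same document


if __name__ == "__main__":
    results = audit({
        "FullAdmin": FULL_ADMIN_POLICY, "ListForm": LIST_FORM_POLICY,
        "DenyAll": DENY_ALL_POLICY, "Scoped": SCOPED_POLICY,
    })
    for name, count in results.items():
        print(f"{name}: {'FAIL' if count else 'PASS'} ({count} offending statement(s))")
```

To run this against a real account rather than the constructed samples, feed it the default version document of each customer-managed policy, which boto3 exposes through `iam.list_policies(Scope="Local")` followed by `iam.get_policy_version(PolicyArn=..., VersionId=...)["PolicyVersion"]["Document"]`; that retrieval is not included above so the example stays runnable offline. The scoped policy is flagged as compliant not because it is short but because every action and resource is enumerated; replacing "*" with a service wildcard such as "s3:*" would pass this particular check while still being far broader than most roles need, so treat a PASS here as necessary rather than sufficient.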

Compliance

CIS, ISO 27001, HIPAA