Overly Permissive IAM Policies

Vulnerability Details

Severity: High

Category: Cloud

Description

Cloud IAM policies grant excessive permissions beyond what is needed for the intended function, violating the principle of least privilege.

Risks

Compromised credentials with overly broad permissions could allow an attacker to access sensitive resources, modify infrastructure, exfiltrate data, or escalate privileges across the cloud environment.

Remediation

Follow the principle of least privilege when defining IAM policies. Avoid using wildcard permissions. Implement regular access reviews and automated policy analysis. Use service-specific roles and condition-based policies. Enable IAM access analyzer tools.