IAM customer managed policies should not allow wildcard actions for services

iam
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

IAM customer managed policies that allow wildcard actions for services (for example, "Action": "*") can lead to unintended security risks by providing overly broad permissions. Best practices dictate that policies should be as specific as possible, granting only the necessary permissions required for a task. By avoiding wildcards in actions, you can significantly reduce the risk of unauthorized access and actions within your AWS environment.

Remediation

See the IAM Policies and Wildcards and Modifying Customer Managed Policies documentation for steps on how to identify and rectify policies that use wildcard actions.