IAM policies should adhere to least-privilege

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

IAM policies define privileges granted to users, groups, or roles. Best practice recommends granting only the permissions necessary to perform specific tasks. Begin with minimal permissions, adding more as necessary, rather than starting with overly permissive settings. Granting full administrative privileges instead of essential permissions can expose resources to potential misuse or compromise. It’s critical to remove policies with "Effect": "Allow" combined with "Action": "*" and "Resource": "*" to minimize security risks.

Remediation

For guidance on removing overly permissive policies and properly configuring IAM policies, refer to Policies and permissions in AWS Identity and Access Management.