IAM customer managed policies should not allow wildcard actions for services

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

IAM customer managed policies that allow wildcard actions for services (for example, "Action": "*") can lead to unintended security risks by providing overly broad permissions. Best practices dictate that policies should be as specific as possible, granting only the necessary permissions required for a task. By avoiding wildcards in actions, you can significantly reduce the risk of unauthorized access and actions within your AWS environment.

Remediation

See the IAM Policies and Wildcards and Modifying Customer Managed Policies documentation for steps on how to identify and rectify policies that use wildcard actions.