IAM policies should adhere to least-privilege

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

IAM policies define privileges granted to users, groups, or roles. Best practice recommends granting only the permissions necessary to perform specific tasks. Begin with minimal permissions, adding more as necessary, rather than starting with overly permissive settings. Granting full administrative privileges instead of essential permissions can expose resources to potential misuse or compromise. It’s critical to remove policies with "Effect": "Allow" combined with "Action": "*" and "Resource": "*" to minimize security risks.

Remediation

For guidance on removing overly permissive policies and properly configuring IAM policies, refer to Policies and permissions in AWS Identity and Access Management.