IAM customer managed policies should not allow wildcard actions for services

Description

IAM customer managed policies that allow wildcard actions for services (for example, "Action": "*") grant overly broad permissions and can lead to unintended security risks. Best practices dictate that policies should be as specific as possible, granting only the permissions required for a task. By avoiding wildcards in actions, you can significantly reduce the risk of unauthorized access and actions within your AWS environment.

Remediation

See the IAM Policies and Wildcards and Modifying Customer Managed Policies documentation for steps on how to identify and rectify policies that use wildcard actions.