Json Yaml Wildcard Action In Trust Policy
Description
Detects overly permissive IAM trust policies in CloudFormation templates that use wildcard actions ('*'). Using wildcards in trust policies allows any action to be performed, which violates the principle of least privilege and could let principals perform unauthorized actions.
Detection Strategy
• Check CloudFormation templates for IAM resources (roles, users, or managed policies)
• Examine trust policy documents within these IAM resources
• Look for Action or NotAction elements that contain wildcard characters ('*')
• Flag trust policies that grant overly broad permissions through wildcard actions
Vulnerable code example
Resources:
  DangerousPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Overly permissive policy with security issues
      PolicyDocument:
        Version: '2012-10-17'
        Statement: ...

Secure code example
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  SecurePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Limited permission policy with specific scoped actions
      PolicyDocument:
        Version: '2012-10-17'
        ...
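The detection strategy above, implemented as an added example (not Fluid Attacks' own checker): it walks the IAM resources of a parsed CloudFormation template, collects every policy document (AssumeRolePolicyDocument, PolicyDocument and inline Policies), and reports each Action or NotAction value containing '*'. The JSON template embedded below is constructed for the example; the resource names in it are made up.

```python
import json

# Policy-document properties found directly on IAM resources in a CloudFormation template.
POLICY_PROPS = ("AssumeRolePolicyDocument", "PolicyDocument")

def _as_list(value):
    """IAM allows a bare string/object or a list for Statement, Action and NotAction."""
    return value if isinstance(value, list) else [value]

def _policy_documents(props):
    """Yield every top-level and inline policy document held by one IAM resource."""
    for prop in POLICY_PROPS:
        if prop in props:
            yield props[prop]
    for inline in props.get("Policies", []):  # inline policies on Role/User/Group
        if "PolicyDocument" in inline:
            yield inline["PolicyDocument"]

def find_wildcard_actions(template):
    """Return (resource, element, action) for each Action/NotAction value that
    contains '*' inside any AWS::IAM::* resource of a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if not str(res.get("Type", "")).startswith("AWS::IAM::"):
            continue
        for doc in _policy_documents(res.get("Properties", {})):
            for stmt in _as_list(doc.get("Statement", [])):
                for element in ("Action", "NotAction"):
                    for action in _as_list(stmt.get(element, [])):
                        if isinstance(action, str) and "*" in action:
                            findings.append((name, element, action))
    return findings

# Constructed JSON template (not from the page): a wildcard managed policy, a role
# with a wildcard NotAction in an inline policy, and a correctly scoped policy.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "DangerousPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17",
      "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
  "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
      "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
    "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Version": "2012-10-17",
      "Statement": {"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"}}}]}},
  "SecurePolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
      "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}}}}}""")

if __name__ == "__main__":
    for resource, element, action in find_wildcard_actions(SAMPLE_TEMPLATE):
        print(f"{resource}: {element} contains wildcard {action!r}")
```

Note that a '*' in Resource alone (as in SecurePolicy) is not reported, because this check is about wildcard actions; partial wildcards such as 's3:Get*' are reported, matching the strategy's "contain wildcard characters".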