Terraform Wildcard Resource All Actions Locals
Description
Identifies overly permissive IAM policies defined within Terraform locals blocks. This vulnerability occurs when policies use wildcards (*) for resources while allowing all actions, which could grant excessive privileges and violate the principle of least privilege.
Detection Strategy
• Scans Terraform configuration files for 'locals' blocks containing IAM policy definitions
• Identifies policy statements that use wildcards (*) in the resource field
• Checks if these wildcard resources are combined with unrestricted actions or permissions
• Reports a vulnerability when a locals block contains policy definitions granting broad access to all actions on wildcard resources
Vulnerable code example

```hcl
locals {
  vulnerable_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["*"], # Dangerous: Allows all actions with wildcard
        Effect   = "Allow"
        Resource = "*"    # Dangerous: Unrestricted access to all resources...
      }
    ]
  })
}
```

✅ Secure code example
```hcl
locals {
  secure_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [ # Specify only required actions instead of wildcard
          "s3:GetObject",
          "s3:PutObject",
          ...
```
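The detection strategy above can be applied to the JSON that `jsonencode()` renders for each local (for example, the values visible in `terraform show -json` output). The following is an added example written for this page, not Fluid Attacks' own scanner: it normalises `Action` and `Resource` (IAM accepts either a single string or a list), skips `Deny` statements, and reports every `Allow` statement that combines the full `*` action wildcard with a `*` resource. The two policy documents embedded in it are constructed to mirror the vulnerable and secure examples; the bucket ARN in the secure one is a placeholder that does not come from the original page.

```python
import json
from typing import Any

# Constructed samples: the JSON that Terraform's jsonencode() would produce
# for a locals-defined policy. These strings are written for this example;
# they are not taken from any real configuration.
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["*"], "Effect": "Allow", "Resource": "*"},
    ],
})

SECURE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Effect": "Allow",
            # Placeholder bucket ARN, not from the original page.
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
    ],
})


def _as_list(value: Any) -> list:
    """IAM allows a single string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard(value: str) -> bool:
    """True for the full wildcard '*' (all actions or all resources)."""
    return isinstance(value, str) and value.strip() == "*"


def find_wildcard_all_actions(policy_json: str) -> list[dict]:
    """Return one finding per Allow statement granting every action on every resource."""
    policy = json.loads(policy_json)
    statements = _as_list(policy.get("Statement"))
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with wildcards restricts rather than grants
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(is_wildcard(a) for a in actions) and any(is_wildcard(r) for r in resources):
            findings.append({
                "statement": index,
                "sid": stmt.get("Sid"),
                "actions": actions,
                "resources": resources,
            })
    return findings


def scan_locals(locals_block: dict[str, str]) -> dict[str, list[dict]]:
    """Scan a mapping of local name -> rendered value; keep only locals with findings.

    Locals that are not JSON policy documents (plain strings, numbers) are skipped.
    """
    results = {}
    for name, rendered in locals_block.items():
        try:
            findings = find_wildcard_all_actions(rendered)
        except (ValueError, AttributeError):
            continue  # not a JSON object, so not a policy document
        if findings:
            results[name] = findings
    return results


if __name__ == "__main__":
    report = scan_locals({
        "vulnerable_policy": VULNERABLE_POLICY,
        "secure_policy": SECURE_POLICY,
        "region": "us-east-1",
    })
    for local_name, hits in report.items():
        for hit in hits:
            print(f"{local_name}: statement {hit['statement']} allows "
                  f"{hit['actions']} on {hit['resources']}")
```

Only `vulnerable_policy` is reported; the scoped S3 policy and the non-policy `region` local produce nothing. Service-level wildcards such as `s3:*` are deliberately not treated as "all actions" here, matching the page's definition of the finding.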