Json Yaml Allow Notaction Trust Policy
Description
Detects the use of NotAction in IAM trust policies within AWS CloudFormation templates. Using NotAction in a trust policy is dangerous because it implements allow-by-default permissions: an Allow statement with NotAction matches every action except those listed, so the role may grant unintended access (for example, any of the sts:AssumeRole* actions that were not excluded) rather than only the one action the author meant to permit.
Detection Strategy
• Analyzes CloudFormation template resources of type 'AWS::IAM::Role'
• Examines the role's trust policy (AssumeRolePolicyDocument) for NotAction elements
• Reports a vulnerability if NotAction is found within an Allow effect statement in the trust policy
• The finding indicates a security risk where the role might grant broader permissions than intended
Vulnerable code example
Resources:
  VulnerableRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow...
✅ Secure code example
Resources:
  SecureRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow...
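The following detector is an added example, not Fluid Attacks' own rule implementation, and the template it scans is constructed for illustration (the account id in the Principal is a placeholder). It applies the detection strategy above to a CloudFormation template already parsed into Python objects: the JSON form is used here so that no YAML library is needed, and a YAML template parses to the same structure. It also carries the two code examples through to complete statements: a trust policy that uses NotAction under Effect: Allow (flagged), one that names sts:AssumeRole explicitly (not flagged), and a Deny statement with NotAction (not flagged, because the rule only concerns Allow statements). Statement may be a single object or a list, and NotAction may be a string or a list; both shapes are handled.

```python
"""Flag NotAction inside Allow statements of IAM role trust policies.

Added example (not the original page's or Fluid Attacks' code). Works on a
CloudFormation template parsed from JSON; the YAML form yields the same
structure once parsed.
"""
import json

# Constructed sample template. The account id is a placeholder, not a real one.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "VulnerableRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                        # Allows every action except sts:TagSession (allow-by-default).
                        "NotAction": "sts:TagSession",
                    }],
                },
            },
        },
        "SecureRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    # Statement given as a single object rather than a list.
                    "Statement": {
                        "Effect": "Allow",
                        "Principal": {"Service": "lambda.amazonaws.com"},
                        # Explicit allow-list: only the named action is permitted.
                        "Action": "sts:AssumeRole",
                    },
                },
            },
        },
        "DenyOnlyRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {"Effect": "Allow",
                         "Principal": {"Service": "ec2.amazonaws.com"},
                         "Action": ["sts:AssumeRole"]},
                        # NotAction under Deny is not allow-by-default; not flagged.
                        {"Effect": "Deny",
                         "Principal": {"AWS": "*"},
                         "NotAction": ["sts:AssumeRole"]},
                    ],
                },
            },
        },
    }
})


def _as_list(value):
    """IAM accepts scalars or lists for Statement/Action/NotAction; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_notaction_trust_policies(template: dict) -> list:
    """Return one finding per Allow statement that uses NotAction in the
    AssumeRolePolicyDocument of an AWS::IAM::Role resource."""
    findings = []
    resources = template.get("Resources") or {}
    for name, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::IAM::Role":
            continue
        properties = resource.get("Properties") or {}
        trust_policy = properties.get("AssumeRolePolicyDocument") or {}
        for index, statement in enumerate(_as_list(trust_policy.get("Statement"))):
            if not isinstance(statement, dict):
                continue
            # Effect is case-sensitive in IAM; only "Allow" is allow-by-default here.
            if statement.get("Effect") == "Allow" and "NotAction" in statement:
                findings.append({
                    "resource": name,
                    "statement_index": index,
                    "not_action": _as_list(statement["NotAction"]),
                })
    return findings


def scan_json_template(text: str) -> list:
    """Parse a JSON CloudFormation template and run the check."""
    return find_notaction_trust_policies(json.loads(text))


if __name__ == "__main__":
    for finding in scan_json_template(SAMPLE_TEMPLATE):
        print(f"{finding['resource']}: statement {finding['statement_index']} "
              f"allows every action except {finding['not_action']}")
```

Only VulnerableRole is reported; the remediation it implies is the one shown in the secure example, replacing NotAction with an explicit Action that names the single STS action the principal needs.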