Json Yaml Wildcard Resource In Policy
Description
Detects overly permissive IAM policies in CloudFormation templates that use wildcard (*) characters in resource ARNs while granting write/modify permissions. Such configurations can grant unintended broad access to AWS resources, violating the principle of least privilege.
Detection Strategy
• Identifies CloudFormation templates that define IAM managed policies
• Examines policy statements for resource definitions that contain wildcard (*) characters
• Checks if these wildcard resources are associated with write/modify actions
• Reports a vulnerability when a policy grants write permissions using wildcard resources
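The strategy above, as an added, self-contained example that is not Fluid Attacks' own detector: it walks a CloudFormation template (JSON form, so only the standard library is needed), picks out IAM policy resources, and reports Allow statements whose Resource contains a wildcard while at least one action can create, change or delete state. The sample template, the verb-prefix heuristic used to classify "write" actions, and the handling of AWS::IAM::Policy alongside AWS::IAM::ManagedPolicy are all assumptions of this example; Ref and GetAtt resources resolve only at deploy time and are deliberately left unchecked.

```python
import json

# Constructed sample template, not from the page. Only DangerousPolicy should be reported:
# ReadOnlyPolicy uses a wildcard but grants no write action, and ScopedPolicy writes to
# one specific table ARN built with Fn::Sub (the ${} placeholders are not wildcards).
SAMPLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "DangerousPolicy": {
      "Type": "AWS::IAM::ManagedPolicy",
      "Properties": {"PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": "*"}
      ]}}
    },
    "ReadOnlyPolicy": {
      "Type": "AWS::IAM::ManagedPolicy",
      "Properties": {"PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-app-bucket", "arn:aws:s3:::example-app-bucket/*"]}
      ]}}
    },
    "ScopedPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {"PolicyName": "orders-writer", "Roles": ["OrdersRole"],
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem"],
         "Resource": {"Fn::Sub": "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/Orders"}}
      ]}}
    }
  }
}
"""

# Heuristic (assumption of this example): IAM action verbs with these prefixes change state.
WRITE_VERB_PREFIXES = ("Put", "Create", "Delete", "Update", "Write", "Attach", "Detach",
                       "Modify", "Set", "Add", "Remove", "Terminate", "Run", "Start",
                       "Stop", "Reboot", "Tag", "Untag", "Replace", "Invoke", "Pass")
POLICY_TYPES = ("AWS::IAM::ManagedPolicy", "AWS::IAM::Policy")


def is_write_action(action: str) -> bool:
    """True when the action (e.g. 's3:PutObject', 'iam:*', '*') can modify state."""
    if action == "*":
        return True
    _service, sep, verb = action.partition(":")
    if not sep:
        return False
    return verb == "*" or verb.startswith(WRITE_VERB_PREFIXES)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _resource_strings(resource) -> list:
    """Flatten a Resource value into literal strings, looking inside Fn::Sub and Fn::Join."""
    out = []
    for item in _as_list(resource):
        if isinstance(item, str):
            out.append(item)
        elif isinstance(item, dict) and "Fn::Sub" in item:
            sub = item["Fn::Sub"]
            out.append(sub if isinstance(sub, str) else sub[0])
        elif isinstance(item, dict) and "Fn::Join" in item:
            delimiter, parts = item["Fn::Join"]
            out.append(delimiter.join(p for p in parts if isinstance(p, str)))
        # Ref / Fn::GetAtt are resolved at deploy time; they cannot be checked statically here.
    return out


def find_wildcard_write_statements(template: dict) -> list:
    """Report Allow statements that combine a write action with a wildcard resource."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in POLICY_TYPES:
            continue
        document = resource.get("Properties", {}).get("PolicyDocument", {})
        for index, statement in enumerate(_as_list(document.get("Statement", []))):
            if statement.get("Effect") != "Allow":
                continue
            write_actions = [a for a in _as_list(statement.get("Action", []))
                             if isinstance(a, str) and is_write_action(a)]
            wildcard_resources = [r for r in _resource_strings(statement.get("Resource", []))
                                  if "*" in r]
            if write_actions and wildcard_resources:
                findings.append({
                    "resource": logical_id,
                    "statement": index,
                    "write_actions": write_actions,
                    "wildcard_resources": wildcard_resources,
                    # A bare "*" is every resource in the account; a partial wildcard is narrower.
                    "severity": "high" if "*" in wildcard_resources else "medium",
                })
    return findings


def scan_template_text(text: str) -> list:
    """Parse a JSON CloudFormation template and return its findings."""
    return find_wildcard_write_statements(json.loads(text))


if __name__ == "__main__":
    for finding in scan_template_text(SAMPLE_TEMPLATE):
        print(finding)
```

The verb-prefix list is a heuristic: a production check would classify actions from the IAM action reference rather than from their spelling, and would also treat NotAction and NotResource, which invert the matching logic, as wildcard-equivalent.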
Vulnerable code example

Resources:
  DangerousPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Overly permissive policy example
      PolicyDocument:
        Version: "2012-10-17"
        Statement: ...

✅ Secure code example
Resources:
  SecurePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Secure policy with least privilege access
      PolicyDocument:
        Version: "2012-10-17"
        Statement: ...