Terraform Ssm Full Access
Description
Detects overly permissive IAM policies that grant full access to AWS Systems Manager (SSM). Having unrestricted access to SSM is a security risk as it allows complete control over system management, automation, and potentially sensitive operational data.
Detection Strategy
• Scans AWS IAM policy resources including group policies, user policies, role policies and policy documents
• Checks if the policy statements grant full access ('*') to SSM actions and resources
• Reports a vulnerability when an IAM policy grants unrestricted SSM access through 'Action' and 'Resource' fields
Vulnerable code example
resource "aws_iam_role_policy" "vulnerable_policy" {
  name   = "overly_permissive_policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow" # Vulnerable: Overly permissive Allow with wildcard actions...

✅ Secure code example
resource "aws_iam_role_policy" "secure_policy" {
  name   = "least_privilege_policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid = "LimitedEC2Access"...
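The detection strategy above (flag an Allow statement only when its Action covers all of SSM and its Resource is the bare wildcard) implemented over the JSON document that jsonencode() emits, as an added example that is not Fluid Attacks' scanner code. The two sample policy documents are constructed for illustration, modelled on the vulnerable and secure examples; the account ID and parameter path are placeholders.

```python
import json

# Action patterns that cover every SSM operation (compared case-insensitively).
FULL_SSM_ACTIONS = {"*", "ssm:*"}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_full_ssm_access(policy_doc):
    """Return identifiers of Allow statements granting unrestricted SSM access.

    A statement is reported only when BOTH conditions hold, matching the
    detection strategy: its Action covers all of SSM ('*' or 'ssm:*') and
    its Resource includes the bare wildcard '*'. Deny statements are skipped.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        resources = set(_as_list(stmt.get("Resource")))
        if actions & FULL_SSM_ACTIONS and "*" in resources:
            findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


def scan_policy_json(policy_json):
    """Scan the JSON string that jsonencode() produces for an aws_iam_*_policy."""
    return find_full_ssm_access(json.loads(policy_json))


# Constructed sample documents (not from the page); values are placeholders.
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}],
})
SECURE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadOneParameterPath",
        "Effect": "Allow",
        "Action": ["ssm:GetParameter", "ssm:GetParametersByPath"],
        "Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/app/prod/*",
    }],
})

if __name__ == "__main__":
    print("vulnerable:", scan_policy_json(VULNERABLE_POLICY))  # ['Statement[0]']
    print("secure:", scan_policy_json(SECURE_POLICY))          # []
```

A statement such as `ssm:*` scoped to a single parameter ARN is not reported by this check, because only the combination of wildcard action and wildcard resource matches the rule; tighten the action list as well when you harden such a policy.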