Json Yaml Excessive Admin Privileges
Description
Detects when AWS CloudFormation templates grant excessive administrative privileges by attaching administrator policies to IAM entities. This creates security risks by violating the principle of least privilege, potentially allowing users or roles to perform unauthorized actions across AWS services.
Detection Strategy
• Scan CloudFormation template files for IAM resource definitions (AWS::IAM::User, AWS::IAM::Role, or AWS::IAM::Group)
• Check if these IAM entities have policies attached that grant administrator privileges
• Analyze policy documents to identify overly permissive administrative access (like '*' permissions or admin policy attachments)
• Report a vulnerability when an IAM entity is configured with administrative privileges
Vulnerable code example
Resources:
  RiskyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess # Dangerous: Grants full admin access...
✅ Secure code example
Resources:
  RestrictedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow...
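The detection strategy above, applied to the parsed form of a template, as an added example rather than Fluid Attacks' own scanner: it walks the Resources of a template loaded from its JSON form (a YAML template loaded into the same dictionaries works identically), flags IAM users, roles and groups that attach AdministratorAccess (including behind an Fn::Sub intrinsic, which a plain string comparison would miss) or carry an inline Allow of a wildcard action on every resource, and leaves the scoped role alone. The sample template is constructed for this example.

```python
import json

IAM_ENTITY_TYPES = {"AWS::IAM::User", "AWS::IAM::Role", "AWS::IAM::Group"}
WILDCARD_ACTIONS = {"*", "*:*"}

def _as_list(value):
    # Policy fields may be a scalar or a list; normalise to a list.
    return [] if value is None else value if isinstance(value, list) else [value]

def _arn_text(arn):
    # Plain string, or the pattern inside Fn::Sub (a naive string match misses it).
    if isinstance(arn, dict) and isinstance(arn.get("Fn::Sub"), str):
        return arn["Fn::Sub"]
    return arn if isinstance(arn, str) else ""

def statement_is_admin(stmt):
    # An Allow of a wildcard action on every resource is effectively admin.
    return (stmt.get("Effect") == "Allow"
            and any(a in WILDCARD_ACTIONS for a in _as_list(stmt.get("Action")))
            and "*" in _as_list(stmt.get("Resource")))

def find_admin_grants(template):
    # Return (logical_id, reason) pairs for IAM entities granted admin rights.
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in IAM_ENTITY_TYPES:
            continue
        props = res.get("Properties", {})
        for arn in _as_list(props.get("ManagedPolicyArns")):
            if _arn_text(arn).endswith("/AdministratorAccess"):
                findings.append((logical_id, "managed policy AdministratorAccess"))
        for policy in _as_list(props.get("Policies")):
            doc = policy.get("PolicyDocument", {}) if isinstance(policy, dict) else {}
            if any(statement_is_admin(s) for s in _as_list(doc.get("Statement"))):
                findings.append((logical_id, "inline policy allows * on *"))
    return findings

# Constructed sample template (JSON form): two admin grants and one scoped role.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "RiskyRole": {"Type": "AWS::IAM::Role", "Properties": {"ManagedPolicyArns":
    [{"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/AdministratorAccess"}]}},
  "RiskyUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{"PolicyName": "all",
    "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
  "RestrictedRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{"PolicyName": "ro",
    "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]}}]}}}}""")

if __name__ == "__main__":
    for logical_id, reason in find_admin_grants(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```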