Json Yaml Excessive Privileges Wildcards
Description
Identifies overly permissive IAM policies in CloudFormation templates that use wildcards (*) in resource definitions or actions. Such policies violate the principle of least privilege and can grant excessive permissions, potentially allowing unintended access to AWS resources.
Detection Strategy
• Scan CloudFormation template files for IAM policy definitions
• Check policy statements for resource ARNs and action definitions
• Flag policies that use wildcards (*) in resource fields
• Flag policies that use wildcards (*) in action fields (e.g., s3:*)
• Report vulnerabilities when policies grant broad permissions instead of specific, limited access
Vulnerable code example
Resources:
AdminRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow...✅ Secure code example
Resources:
EC2ServiceRole: # Renamed to be more descriptive
Type: AWS::IAM::Role
Properties:
Description: "Role for EC2 instances with minimum required permissions"
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.