Terraform Wildcard Resource All Actions
Description
Identifies overly permissive AWS IAM policies in Terraform configurations that use wildcards (*) to allow all actions on resources. Such policies violate the principle of least privilege and could grant excessive permissions, potentially leading to security breaches.
Detection Strategy
• Scan Terraform configuration files for AWS IAM policy resources including: group policies, user policies, role policies and policy documents
• Check if the policy statements contain wildcard (*) specifications for both resources and actions
• Flag policies that allow all actions (*) on wildcard resources (*) as they grant unrestricted access
• Report vulnerabilities for IAM policies that do not properly restrict permissions to specific actions and resources
Vulnerable code example
resource "aws_iam_role_policy" "vulnerable_policy" {
  name = "overly_permissive_policy"
  role = aws_iam_role.example.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "*"  # every action on every resource (statement body reconstructed from the description; the original listing is truncated)
        Resource = "*"
      }
    ]
  })
}
✅ Secure code example
resource "aws_iam_role_policy" "secure_policy" {
  name = "restricted_iam_policy"
  role = aws_iam_role.example.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["<specific:Action>"]        # placeholder: the original statement is truncated; list only the actions the role needs
        Resource = ["<specific-resource-arn>"]  # placeholder: scope to the ARN(s) the role actually uses
      }
    ]
  })
}
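The detection strategy above, implemented as an added example (this is not Fluid Attacks' own scanner). It checks the policy document in the JSON form that jsonencode() produces rather than parsing HCL; the two sample documents are constructed, completed versions of the truncated Terraform examples above, and the function names are my own.

```python
import json
from typing import Any

# Constructed sample inputs: the policy documents from the two Terraform examples above,
# written out as the JSON that jsonencode() would emit (the page's listings are truncated).
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})
SECURE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        # A "*" inside an ARN is a path wildcard, not "all resources"; it must not be flagged.
        "Resource": ["arn:aws:s3:::example-bucket/*"],
    }],
})
DENY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}],
})


def _as_list(value: Any) -> list:
    """IAM accepts either a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_statements(policy_json: str) -> list[int]:
    """Return indices of Allow statements that grant all actions ("*") on all resources ("*")."""
    doc = json.loads(policy_json)
    statements = _as_list(doc.get("Statement"))  # "Statement" may be one object or a list
    flagged = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with wildcards restricts access rather than granting it
        all_actions = "*" in _as_list(stmt.get("Action"))
        all_resources = "*" in _as_list(stmt.get("Resource"))
        if all_actions and all_resources:
            flagged.append(idx)
    return flagged


def is_overly_permissive(policy_json: str) -> bool:
    """True when at least one statement should be reported by this check."""
    return bool(find_wildcard_statements(policy_json))
```

Run `find_wildcard_statements` over every `aws_iam_*_policy` and `aws_iam_policy_document` body in a plan; the exact-match test on "*" is deliberate, so service-scoped wildcards such as "s3:*" fall outside this particular check.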