Json Yaml Policy Attached To User
Description
Detects when IAM policies (managed or inline) are directly attached to IAM users in CloudFormation templates. This is a security concern because attaching policies directly to users makes access management and auditing more difficult compared to role-based access control. AWS recommends attaching policies to groups or roles instead of individual users.
Detection Strategy
• Identifies CloudFormation resources of type 'AWS::IAM::ManagedPolicy' or 'AWS::IAM::Policy'
• Checks if the policy resource has a 'Properties' section that includes a 'Users' attribute
• Reports a vulnerability when policies are configured to attach directly to IAM users rather than groups or roles
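The three steps above map directly onto a small template walk. The checker below is an added illustration, not Fluid Attacks' scanner code: it loads a CloudFormation template from JSON, visits every resource of the two policy types, and reports the ones whose Properties carry a non-empty Users list. The template embedded in it (logical IDs such as DirectPolicy and GroupPolicy, the user name alice) is constructed for this example. It also goes slightly beyond the bullet list by treating an empty Users list as clean and by accepting intrinsic functions such as {"Ref": ...} inside Users, which still attach the policy to a user.

```python
import json

# Resource types the check inspects (from the detection strategy).
POLICY_TYPES = {"AWS::IAM::ManagedPolicy", "AWS::IAM::Policy"}


def find_policies_attached_to_users(template):
    """Return findings for policy resources that attach directly to IAM users.

    `template` is a parsed CloudFormation template (a dict). Each finding is a
    dict with the logical resource id, its Type and the offending Users value.
    """
    findings = []
    resources = template.get("Resources") or {}
    if not isinstance(resources, dict):
        return findings  # malformed template: nothing to inspect
    for logical_id, resource in resources.items():
        if not isinstance(resource, dict):
            continue
        if resource.get("Type") not in POLICY_TYPES:
            continue
        props = resource.get("Properties") or {}
        if not isinstance(props, dict) or "Users" not in props:
            continue
        users = props["Users"]
        # An empty list attaches the policy to nobody; a list of names or
        # intrinsics ({"Ref": ...}, {"Fn::Split": ...}) attaches it to users.
        if isinstance(users, list) and len(users) == 0:
            continue
        findings.append({
            "resource": logical_id,
            "type": resource["Type"],
            "users": users,
        })
    return findings


def scan_template_json(text):
    """Parse a JSON template and run the check on it."""
    return find_policies_attached_to_users(json.loads(text))


# Constructed sample template (not from any real deployment).
READ_ONLY_DOC = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": "s3:ListAllMyBuckets",
                   "Resource": "*"}],
}
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "AliceUser": {"Type": "AWS::IAM::User",
                      "Properties": {"UserName": "alice"}},
        # Flagged: managed policy attached to a user via Ref.
        "DirectPolicy": {"Type": "AWS::IAM::ManagedPolicy",
                         "Properties": {"Users": [{"Ref": "AliceUser"}],
                                        "PolicyDocument": READ_ONLY_DOC}},
        # Clean: inline policy attached to a group only.
        "GroupPolicy": {"Type": "AWS::IAM::Policy",
                        "Properties": {"PolicyName": "ReadOnlyBuckets",
                                       "Groups": ["Developers"],
                                       "PolicyDocument": READ_ONLY_DOC}},
        # Flagged: roles are fine, but a user is attached as well.
        "MixedPolicy": {"Type": "AWS::IAM::Policy",
                        "Properties": {"PolicyName": "Mixed",
                                       "Roles": ["AppRole"],
                                       "Users": ["bob"],
                                       "PolicyDocument": READ_ONLY_DOC}},
        # Clean: Users present but empty.
        "EmptyUsersPolicy": {"Type": "AWS::IAM::ManagedPolicy",
                             "Properties": {"Users": [],
                                            "PolicyDocument": READ_ONLY_DOC}},
    },
})


if __name__ == "__main__":
    for finding in scan_template_json(SAMPLE_TEMPLATE):
        print(f"{finding['resource']} ({finding['type']}): "
              f"attached to users {finding['users']}")
```

For YAML templates the same walk applies once the document is parsed (for example with PyYAML's safe_load), with the caveat that short-form intrinsics such as !Ref need a loader that understands CloudFormation tags; the JSON form used here has no such tags, so the standard library suffices.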
Vulnerable code example
Resources:
  DangerousPolicy:
    Type: AWS::IAM::ManagedPolicy # Vulnerable: Creates an IAM managed policy without sufficient restrictions
    Properties:
      Description: Overly permissive policy
      PolicyDocument:
        Version: '2012-10-17'
        Statement: ...
✅ Secure code example
Resources:
  RestrictedPolicy:
    Type: AWS::IAM::ManagedPolicy # Secure: Creates IAM policy with least privilege access
    Properties:
      Description: Restricted policy with specific permissions
      Path: /
      PolicyDocument:
        Version: '2012-10-17'
        ...