Terraform Administrator Access Attached
Description
Identifies when administrator-level AWS IAM policies are attached to IAM entities (users, groups, roles) in Terraform configurations. This represents a security risk as it grants overly permissive access rights that violate the principle of least privilege.
Detection Strategy
• Scans Terraform resource declarations for IAM policy attachments (aws_iam_*_policy_attachment resources)
• Checks if the policy_arn attribute references known administrator policies like 'AdministratorAccess'
• Reports a vulnerability when an administrator policy is attached to any IAM user, group, or role
• Specifically monitors aws_iam_user_policy_attachment, aws_iam_group_policy_attachment, aws_iam_role_policy_attachment, and aws_iam_policy_attachment resources
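The detection strategy above, implemented as a small regex-based scanner over raw HCL. This is an added example, not Fluid Attacks' own checker: the sample Terraform it scans is constructed here, and the resolution of a `data "aws_iam_policy"` reference is an assumed extension of the check, not something the page describes.

```python
"""Constructed detector for AdministratorAccess attachments in Terraform HCL.
Regex-based, not a full HCL parser; assumes one file's text as input."""
import re
from dataclasses import dataclass

# The four attachment resource types the check covers.
ATTACHMENT_TYPES = {
    "aws_iam_user_policy_attachment",
    "aws_iam_group_policy_attachment",
    "aws_iam_role_policy_attachment",
    "aws_iam_policy_attachment",
}

# AWS-managed AdministratorAccess in any partition (aws, aws-cn, aws-us-gov).
# Only the "::aws:" account slot matches, so a customer-managed policy that
# merely shares the name is not reported by ARN.
ADMIN_ARN = re.compile(r"^arn:aws(?:-[a-z]+)*:iam::aws:policy/AdministratorAccess$")

BLOCK_HEADER = re.compile(r'^[ \t]*(resource|data)[ \t]+"([^"]+)"[ \t]+"([^"]+)"[ \t]*\{', re.M)
ATTR = re.compile(r"^[ \t]*([A-Za-z_]\w*)[ \t]*=[ \t]*(.+?)[ \t]*$", re.M)


@dataclass(frozen=True)
class Finding:
    resource_type: str
    resource_name: str
    line: int          # 1-based line of the resource header
    policy_arn: str    # literal ARN, or the policy name a data source looked up


def _blocks(hcl):
    """Yield (kind, type, name, body, line) for each top-level block, matching
    braces so a jsonencode({...}) body does not end the block early."""
    for m in BLOCK_HEADER.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), m.group(2), m.group(3), hcl[m.end():i - 1], hcl.count("\n", 0, m.start()) + 1


def _attrs(body):
    """First occurrence of each `key = value` line in a block body."""
    found = {}
    for key, value in ATTR.findall(body):
        found.setdefault(key, value)
    return found


def _literal(value):
    """Return the contents of a double-quoted HCL string literal, else None."""
    m = re.fullmatch(r'"([^"]*)"', value)
    return m.group(1) if m else None


def _is_admin(value):
    # A data-source lookup by name is treated as the AWS-managed policy (assumption).
    return bool(ADMIN_ARN.match(value)) or value == "AdministratorAccess"


def scan(hcl):
    """Return a Finding for every attachment whose policy_arn resolves to AdministratorAccess."""
    lookups = {}  # data.aws_iam_policy.<name> -> literal arn or policy name
    for kind, btype, bname, body, _ in _blocks(hcl):
        if kind == "data" and btype == "aws_iam_policy":
            a = _attrs(body)
            lookups[bname] = _literal(a.get("arn", "")) or _literal(a.get("name", ""))

    findings = []
    for kind, btype, bname, body, line in _blocks(hcl):
        if kind != "resource" or btype not in ATTACHMENT_TYPES:
            continue
        raw = _attrs(body).get("policy_arn", "")
        arn = _literal(raw)
        if arn is None:  # not a literal: try data.aws_iam_policy.<name>.arn
            ref = re.fullmatch(r"data\.aws_iam_policy\.(\w+)\.arn", raw)
            arn = lookups.get(ref.group(1)) if ref else None
        if arn and _is_admin(arn):
            findings.append(Finding(btype, bname, line, arn))
    return findings


# Constructed sample, not taken from any real project.
SAMPLE_TF = """
# Constructed sample, not taken from any real project.
resource "aws_iam_role" "role" {
  name = "test-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action    = "sts:AssumeRole"
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "admin" {
  role       = aws_iam_role.role.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

resource "aws_iam_user_policy_attachment" "reader" {
  user       = "alice"
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

data "aws_iam_policy" "admin_lookup" {
  name = "AdministratorAccess"
}

resource "aws_iam_group_policy_attachment" "ops" {
  group      = "ops"
  policy_arn = data.aws_iam_policy.admin_lookup.arn
}

resource "aws_iam_policy_attachment" "scoped" {
  name       = "scoped"
  roles      = [aws_iam_role.role.name]
  policy_arn = aws_iam_policy.least_privilege.arn
}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_TF):
        print(f"line {f.line}: {f.resource_type}.{f.resource_name} attaches {f.policy_arn}")
```

Two limits worth knowing before relying on a check like this: a `policy_arn` that points at an `aws_iam_policy` resource or a variable is not evaluated, so an inline policy document granting `"Action": "*"` on `"Resource": "*"` goes unreported here and needs a separate policy-document check; and the brace counter assumes braces inside heredoc strings are balanced, which holds for JSON policy documents but not for arbitrary text.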
Vulnerable code example
resource "aws_iam_role" "role" {
  name = "test-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Principal = {
        Service = "ec2.amazonaws.com"...

✅ Secure code example
variable "role_name" {
  description = "IAM role name"
  type        = string
  default     = "test-role"
}
resource "aws_iam_role" "role" {
  name = var.role_name...