Terraform Overpermissive Attach User Policy
Description
Detects overly permissive AWS IAM policies in Terraform configurations that could enable privilege escalation. This vulnerability occurs when IAM policies grant excessive permissions that allow users or roles to elevate their privileges by attaching additional policies or modifying their own permissions.
Detection Strategy
• Identifies Terraform AWS IAM policy resources including policy documents, user policies, role policies and group policies
• Analyzes the policy statements and permissions defined within these IAM resources
• Flags policies that allow actions related to IAM policy attachment or modification, which could enable privilege escalation
• Reports vulnerabilities when policies grant broad IAM permissions or allow users/roles to manage their own access rights
Vulnerable code example
# IAM policy allowing dangerous privilege escalation
resource "aws_iam_policy" "vulnerable_policy" {
  name        = "vulnerable_policy"
  description = "Policy with dangerous IAM permissions"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [...
✅ Secure code example
# Get current AWS account info
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}

# Define specific user/role for restricted access
variable "target_user_name" {
  type    = string
  default = "example-user"...
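The detection strategy above, and the contrast between the vulnerable and secure examples, can be expressed as a small checker. The Python below is added for this page and is not Fluid Attacks' own implementation. It takes the dict that a Terraform `jsonencode(...)` policy argument would produce, flags every Allow statement that grants a policy-attach or policy-modify IAM action on an unscoped resource, and leaves statements pinned to one principal's ARN alone, which is the shape of the secure example. The action list, both sample policies, the account id and the user name are constructed for the example.

```python
"""Checker for IAM policy documents embedded in Terraform (added example)."""
import fnmatch
import json

# IAM actions that let a principal grant or change permissions. Any one of
# these, allowed on an unrestricted resource, is enough to escalate privileges.
# The list is an assumption for this example, not the check's own configuration.
ESCALATION_ACTIONS = (
    "iam:AttachUserPolicy",
    "iam:AttachGroupPolicy",
    "iam:AttachRolePolicy",
    "iam:PutUserPolicy",
    "iam:PutGroupPolicy",
    "iam:PutRolePolicy",
    "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:UpdateAssumeRolePolicy",
)


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def matched_actions(statement):
    """Return the escalation-relevant actions an Allow statement grants.
    Policy wildcards ("*", "iam:*", "iam:Attach*") are expanded with a
    case-sensitive glob match against the known action list."""
    if statement.get("Effect") != "Allow":
        return []
    granted = set()
    for pattern in _as_list(statement.get("Action")):
        for action in ESCALATION_ACTIONS:
            if fnmatch.fnmatchcase(action, pattern):
                granted.add(action)
    return sorted(granted)


def is_unscoped(resource):
    """True when the resource does not pin the statement to a specific
    principal: a bare "*" or an IAM ARN whose resource part is a wildcard."""
    if resource == "*":
        return True
    # ARN layout: arn:partition:service:region:account:resource
    parts = resource.split(":", 5)
    return len(parts) == 6 and parts[2] == "iam" and parts[5] in ("*", "user/*", "role/*", "group/*")


def find_escalation_risks(policy_document):
    """Scan a policy document (the dict passed to jsonencode in Terraform) and
    return one finding per statement that allows a policy-attach/modify action
    on an unscoped resource. NotAction/NotResource are not handled here; a
    production check should treat them as broad grants."""
    findings = []
    for index, statement in enumerate(_as_list(policy_document.get("Statement"))):
        actions = matched_actions(statement)
        resources = _as_list(statement.get("Resource"))
        if actions and any(is_unscoped(r) for r in resources):
            findings.append({"statement": index, "actions": actions, "resources": resources})
    return findings


# Constructed sample with the shape of the vulnerable example above (not the page's code):
# policy-attach actions on every resource.
VULNERABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:AttachUserPolicy", "iam:PutUserPolicy"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
    ],
}

# Constructed sample with the shape of the secure example: the same action, but pinned
# to one user ARN. Account id and user name are placeholders.
SECURE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:AttachUserPolicy",
         "Resource": "arn:aws:iam::123456789012:user/example-user"},
    ],
}

if __name__ == "__main__":
    for name, document in (("vulnerable", VULNERABLE_POLICY), ("secure", SECURE_POLICY)):
        print(name, json.dumps(find_escalation_risks(document)))
```

Run stand-alone, the script reports one finding for the first statement of the vulnerable policy (the `s3:GetObject` statement is ignored because it grants no IAM permission-management action) and none for the secure policy. The glob expansion matters in practice: `"Action": "iam:*"` or `"Action": "*"` on `"Resource": "*"` is flagged just like an explicit `iam:AttachUserPolicy`, because the checker matches the policy's wildcard against the concrete action names rather than looking for string equality.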