Terraform Write Actions Wildcard Resource
Description
Detects AWS IAM policies defined in Terraform that use wildcards (*) in resource definitions while granting write permissions. This creates overly permissive access that violates the principle of least privilege and could allow unintended modifications to AWS resources.
Detection Strategy
• Inspect Terraform configuration files for IAM policy resources (aws_iam_policy, aws_iam_role_policy, aws_iam_user_policy, aws_iam_group_policy, aws_iam_policy_document)
• Check if the policy grants write/modify permissions through IAM actions
• Analyze the resource field in policy statements to identify use of wildcards (*)
• Report a vulnerability if write permissions are combined with wildcard resources
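As an added illustration of the four detection steps above (example code written for this page, not Fluid Attacks' analyzer), a small Python scanner walks every statement block of an aws_iam_policy_document, classifies actions, and reports Allow statements that pair a write-class action with a bare "*" resource. The write-verb prefix list, the comment handling and the two embedded Terraform snippets are assumptions/constructed samples.

```python
import re
from typing import Iterator

# Assumed heuristic, not the product's real action catalogue: an action is "write"
# if it is "*", "service:*", or its verb starts with one of these mutating prefixes.
WRITE_VERB_PREFIXES = ("Put", "Create", "Delete", "Update", "Modify", "Attach", "Detach",
                       "Set", "Write", "Add", "Remove", "Start", "Stop", "Terminate",
                       "Run", "Associate", "Disassociate", "Invoke")
STRING_RE = re.compile(r'"([^"]*)"')

def iter_statements(hcl: str) -> Iterator[str]:
    """Yield the body of each `statement { ... }`, counting braces so nested
    blocks such as `condition { }` stay inside their own statement."""
    for m in re.finditer(r'\bstatement\s*\{', hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {'{': 1, '}': -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]

def list_attr(body: str, name: str) -> list[str]:
    """Return the string elements of `name = [ ... ]`, or [] when absent."""
    m = re.search(rf'\b{name}\s*=\s*\[(.*?)\]', body, re.DOTALL)
    return STRING_RE.findall(m.group(1)) if m else []

def is_write_action(action: str) -> bool:
    if action == "*":
        return True
    _, _, verb = action.partition(":")
    return verb == "*" or verb.startswith(WRITE_VERB_PREFIXES)

def find_wildcard_write_statements(hcl: str) -> list[dict]:
    """Step 4 of the strategy: write actions + unscoped "*" resource in an Allow statement.
    Scoped ARNs like arn:aws:s3:::bucket/* are deliberately not flagged here."""
    stripped = re.sub(r'#.*', '', hcl)  # drop line comments (assumes no '#' inside strings)
    findings = []
    for idx, body in enumerate(iter_statements(stripped)):
        effect = re.search(r'\beffect\s*=\s*"(\w+)"', body)
        if effect and effect.group(1) != "Allow":
            continue  # a Deny statement using "*" is not over-permissive
        write = [a for a in list_attr(body, "actions") if is_write_action(a)]
        if write and "*" in list_attr(body, "resources"):
            findings.append({"statement": idx, "write_actions": write})
    return findings

# Constructed samples mirroring the page's vulnerable and secure policy documents.
VULNERABLE = '''data "aws_iam_policy_document" "vulnerable_policy" {
  statement { effect = "Allow"  actions = ["*"]  resources = ["*"] }  # all actions, all resources
}'''
SECURE = '''data "aws_iam_policy_document" "secure_policy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
    resources = ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
    condition { test = "Bool"  variable = "aws:SecureTransport"  values = ["true"] }
  }
}'''
```

Running `find_wildcard_write_statements(VULNERABLE)` reports statement 0 with write action "*", while the secure document yields no finding because its PutObject is scoped to explicit bucket ARNs.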
Vulnerable code example
# Overly permissive IAM policy with wildcard permissions
data "aws_iam_policy_document" "vulnerable_policy" {
  statement {
    effect = "Allow"
    actions = [
      "*" # Dangerous: allows all actions without restriction
    ]
    resources = [
      "*" # Dangerous: applies to every resource in the account
    ]
  }
}

✅ Secure code example
data "aws_iam_policy_document" "secure_policy" {
  statement {
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:ListBucket" # Only grant the specific S3 permissions needed
    ]
    resources = [
      "arn:aws:s3:::<your-bucket>",   # Placeholder: scope to the exact bucket ARN
      "arn:aws:s3:::<your-bucket>/*"  # Placeholder: and its objects, not "*"
    ]
  }
}