Json Yaml Wildcard Actions In Policy
Description
Detects overly permissive IAM policies in CloudFormation templates that use wildcard (*) actions. Using wildcards in IAM policy actions can grant excessive permissions and violate the principle of least privilege, potentially allowing unintended access to sensitive AWS resources.
Detection Strategy
• Scans CloudFormation template files for IAM managed policy resources
• Checks policy statements for action fields containing wildcard characters (*)
• Reports a vulnerability if an 'Allow' effect policy uses wildcard actions
• Focuses specifically on managed policy resources like AWS::IAM::ManagedPolicy
• Evaluates each policy statement individually within the IAM resource
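The following checker is an added illustration of the detection strategy above, not Fluid Attacks' own scanner code. It walks a CloudFormation template (JSON form, parsed with the standard library; the YAML case is the same once loaded into a dict) and reports every Allow statement whose Action contains a wildcard; extending the check from AWS::IAM::ManagedPolicy to AWS::IAM::Policy and AWS::IAM::Role documents is an assumption of this example, as is the sample template.

```python
import json

# Resource types carrying an IAM policy document. The rule focuses on
# AWS::IAM::ManagedPolicy; Policy and Role are assumed extensions here.
POLICY_FIELDS = {
    "AWS::IAM::ManagedPolicy": ["PolicyDocument"],
    "AWS::IAM::Policy": ["PolicyDocument"],
    "AWS::IAM::Role": ["AssumeRolePolicyDocument"],
}

def _as_list(value):
    """IAM accepts a scalar or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_wildcard_actions(template: dict) -> list:
    """Return (logical_id, statement_index, action) for each Allow statement
    whose Action contains '*' (a bare '*' or a 'service:*' prefix form)."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        for field in POLICY_FIELDS.get(resource.get("Type"), []):
            doc = props.get(field) or {}
            for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
                if stmt.get("Effect") != "Allow":
                    continue  # a Deny with '*' narrows access, so it is not reported
                for action in _as_list(stmt.get("Action")):
                    if isinstance(action, str) and "*" in action:
                        findings.append((logical_id, idx, action))
    return findings

# Constructed sample template in JSON form; "Scoped" lists a service-level
# wildcard next to a specific action, "Trust" is a clean role trust policy.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "TooBroad": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
    "Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Action": "*", "Resource": "*"},
      {"Effect": "Deny", "Action": ["iam:*"], "Resource": "*"}]}}},
  "Scoped": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
    "Version": "2012-10-17", "Statement":
      {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"], "Resource": "*"}}}},
  "Trust": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {
    "Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
       "Action": "sts:AssumeRole"}]}}}}}""")

if __name__ == "__main__":
    for lid, i, act in find_wildcard_actions(SAMPLE_TEMPLATE):
        print(f"{lid}: statement {i} allows wildcard action {act!r}")
```

Only the two Allow statements carrying a wildcard are reported; the Deny on iam:* and the sts:AssumeRole trust policy are left alone.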
Vulnerable code example
Resources:
  DangerousRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow...
✅ Secure code example
Resources:
  SecureRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow...