IAM policies should not have full “*:*” administrative privileges


IAM policies should start with a minimum set of permissions and include more as needed rather than starting with full administrative privileges. Providing full administrative privileges when unnecessary exposes resources to potentially unwanted actions.

Console Remediation Steps

  • Navigate to Identity and Access Management.

  • In the left navigation, select Policies.

  • Select the Policy and edit the document to define only the necessary permissions to ensure least privilege.

  • Repeat for each policy that contains a statement with Effect set to Allow, Action set to *, and Resource set to *.
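To find the policies the last step refers to, the check can be scripted. The following is an added example, not part of the original page; it assumes AWS-style JSON policy documents, and the function names and sample policies are constructed for illustration.

```python
import json

# Constructed sample policy documents (not taken from any real account).
SAMPLE_POLICIES = {
    "AdminEverything": '{"Version":"2012-10-17","Statement":'
                       '{"Effect":"Allow","Action":"*","Resource":"*"}}',
    "ListWildcard": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "*"], "Resource": ["*"]}]},
    "ScopedRead": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]},
    "DenyAll": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
}


def _as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def full_admin_statements(policy_document):
    """Return statements with Effect Allow, Action * and Resource *."""
    doc = (json.loads(policy_document)
           if isinstance(policy_document, str) else policy_document)
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant privileges
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # The page title writes the wildcard as "*:*"; accept both spellings.
        if any(a in ("*", "*:*") for a in actions) and "*" in resources:
            findings.append(stmt)
    return findings


def audit(policies):
    """Return the sorted names of policies that need remediation."""
    return sorted(name for name, doc in policies.items()
                  if full_admin_statements(doc))


if __name__ == "__main__":
    for name in audit(SAMPLE_POLICIES):
        print(f"{name}: grants full administrative privileges")
```
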

CLI Remediation Steps