IAM role trust policies should not allow all principals to assume the role

Description

Using a wildcard in the Principal attribute in a role’s trust policy would allow any IAM user in any account to access the role. This is a significant security gap and can be used by anyone to gain access to an account with potentially sensitive data.

Console Remediation Steps

• Navigate to IAM.

• Select the role that includes the trust policy here.

• Navigate to the Trust Relationships tab, and select Edit trust relationship

• Ensure that the Principal attribute does not include any wildcards (*)

CLI Remediation Steps

• Ensure that IAM trust policies created via CLI do not use wildcards in the Principal attribute: ``` aws iam update-assume-role-policy –role-name Test-Role –policy-document file://policy.json

policy.json: {

“Version”: “2012-10-17”, “Statement”: [

{

“Effect”: “Allow”, “Principal”: {

“Service”: “ec2.amazonaws.com”

},

“Action”: “sts:AssumeRole”, “Condition”: {}

}

]

}

Documentation Links

• IAM role trust policy as a resource-based policy