IAM role trust policies should not allow all principals to assume the role
Description
A wildcard (*) in the Principal element of a role's trust policy, whether written as "Principal": "*" or "Principal": {"AWS": "*"}, lets any IAM principal in any AWS account call sts:AssumeRole on the role and receive its permissions. Unless a Condition narrows the callers, this hands the role's access, and any sensitive data it can reach, to anyone with an AWS account. Trust policies should instead name the specific accounts, roles, users or AWS services allowed to assume the role.
Console Remediation Steps
CLI Remediation Steps
Replace the role's trust policy with one that names specific principals rather than a wildcard. The command below overwrites the trust policy of the role Test-Role with the document in policy.json:
aws iam update-assume-role-policy --role-name Test-Role --policy-document file://policy.json
policy.json (allows only the EC2 service to assume the role):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
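The check itself can be run offline against the policy JSON before it is applied. The following is an added example, not code from the original page or from any scanner: it walks every Allow statement that grants an sts:AssumeRole* action and reports those whose Principal contains "*" in any of the shapes AWS accepts, noting whether a Condition on a principal-scoping key (aws:PrincipalOrgID, aws:PrincipalArn, aws:PrincipalAccount, aws:PrincipalOrgPaths; the list is an assumption of this example) narrows the callers. It also builds the hardened cross-account form, which names one account and requires an ExternalId, to show what the remediated policy looks like beyond the service-principal case above. The three sample policies are constructed for illustration; the account ID and external ID are placeholders.

```python
"""Detect wildcard principals in IAM role trust policies (added example)."""
import json

# Actions that let a caller obtain the role's credentials.
ASSUME_ACTIONS = {
    "sts:assumerole", "sts:assumerolewithsaml",
    "sts:assumerolewithwebidentity", "sts:*", "*",
}
# Condition keys that narrow a "*" principal to known callers (assumed set).
SCOPING_CONDITION_KEYS = {
    "aws:principalorgid", "aws:principalarn",
    "aws:principalaccount", "aws:principalorgpaths",
}


def _as_list(value):
    """IAM allows a string or a list in most elements; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_values(principal):
    """Yield every principal value: bare "*" or the values under AWS/Service/Federated."""
    if isinstance(principal, str):
        yield principal
    elif isinstance(principal, dict):
        for values in principal.values():
            for v in _as_list(values):
                yield str(v)


def _grants_assume(actions):
    return any(a.lower() in ASSUME_ACTIONS for a in _as_list(actions))


def _condition_keys(condition):
    """Collect the (lower-cased) condition keys across all operators."""
    keys = set()
    for operator_block in (condition or {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def find_wildcard_principals(policy_document):
    """Return one finding per Allow statement that lets "*" assume the role."""
    policy = (json.loads(policy_document)
              if isinstance(policy_document, str) else policy_document)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        if not _grants_assume(stmt.get("Action", [])):
            continue
        if not any(v == "*" for v in _principal_values(stmt["Principal"])):
            continue
        keys = _condition_keys(stmt.get("Condition"))
        findings.append({
            "statement": idx,
            "sid": stmt.get("Sid"),
            "scoped_by_condition": bool(keys & SCOPING_CONDITION_KEYS),
            "condition_keys": sorted(keys),
        })
    return findings


def hardened_cross_account_policy(account_id, external_id):
    """Trust policy naming a single account and requiring an ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


# Constructed sample policies.
SERVICE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]})
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AnyoneCanAssume", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]})
ORG_SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": ["sts:AssumeRole"],
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]})

if __name__ == "__main__":
    for name, doc in [("service", SERVICE_POLICY), ("open", OPEN_POLICY),
                      ("org-scoped", ORG_SCOPED_POLICY)]:
        print(name, find_wildcard_principals(doc))
```

A wildcard that is narrowed by aws:PrincipalOrgID is still reported, with scoped_by_condition set to True, so a reviewer can decide whether the organisation-wide trust is acceptable; an unscoped "*" is the case this policy is about and should be replaced with a named principal such as the output of hardened_cross_account_policy.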