IAM role trust policies should not allow all principals to assume the role
Description
Using a wildcard (`*`) in the Principal attribute of a role's trust policy allows any IAM principal in any AWS account to assume the role. This is a significant security gap: anyone who knows the role ARN can use it to gain access to the account, and to any potentially sensitive data the role's permissions reach.
Remediation Steps
AWS Console
AWS CLI
Ensure that IAM trust policies created or updated via the CLI do not use wildcards in the Principal attribute; the trust policy is set with update-assume-role-policy and names a specific principal:
aws iam update-assume-role-policy --role-name Test-Role --policy-document file://policy.json
policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}
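The check a practitioner would want before running the update above, or when auditing existing roles, is a small parser that recognises every form a wildcard principal can take. The following is an added example, not code from the original page: it classifies a trust-policy document as open (wildcard principal with no Condition), wildcard-with-condition (wildcard narrowed only by a Condition such as aws:PrincipalOrgID, which still deserves review), or ok. The policy documents, the organization id o-exampleorgid and the account id 111122223333 are constructed sample inputs.

```python
import json

# Constructed sample trust policies (not from the original page), covering the
# Principal forms IAM accepts: a bare "*", {"AWS": "*"}, a list mixing an ARN
# with "*", and the page's own service-principal policy with an empty Condition.
OPEN_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sts:AssumeRole",
    }],
})

CONDITIONED_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
        # o-exampleorgid is a constructed placeholder organization id
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
})

MIXED_LIST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        # 111122223333 is a constructed placeholder account id
        "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "*"]},
        "Action": "sts:AssumeRole",
    }],
})

SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {},
    }],
})


def _as_list(value):
    """IAM allows a single value or a list in most places; normalise to a list."""
    return value if isinstance(value, list) else [value]


def wildcard_principal_statements(policy_document):
    """Return (statement_index, has_condition) for every Allow statement whose
    Principal grants to everyone.  Principal may be the string "*" or a map such
    as {"AWS": "*"} or {"AWS": ["arn:...", "*"]}; a "*" under the AWS key (or the
    bare string) means any principal.  Service/Federated entries are never
    wildcards in this sense.  An empty Condition ({}) counts as no condition."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            is_wild = True
        elif isinstance(principal, dict):
            is_wild = "*" in _as_list(principal.get("AWS", []))
        else:
            is_wild = False
        if is_wild:
            findings.append((idx, bool(stmt.get("Condition"))))
    return findings


def check_trust_policy(policy_document):
    """Classify a trust policy as 'ok', 'wildcard-with-condition' or 'open'.
    'open' wins if any wildcard statement has no Condition at all."""
    findings = wildcard_principal_statements(policy_document)
    if not findings:
        return "ok"
    if all(has_condition for _, has_condition in findings):
        return "wildcard-with-condition"
    return "open"


if __name__ == "__main__":
    samples = {
        "open": OPEN_TRUST_POLICY,
        "conditioned": CONDITIONED_WILDCARD_POLICY,
        "mixed-list": MIXED_LIST_POLICY,
        "safe": SAFE_POLICY,
    }
    for label, doc in samples.items():
        print(f"{label:12s} -> {check_trust_policy(doc)}")
```

Run it against the output of `aws iam get-role` (the AssumeRolePolicyDocument field) for each role to find trust policies that need the remediation above; anything reported as open should be fixed first, and wildcard-with-condition findings reviewed to confirm the condition is the intended boundary.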
Terraform
Ensure that IAM trust policies, whether defined inline with the aws_iam_role or aws_iam_role_policy resources or with an aws_iam_policy resource, do not use wildcards in the Principal field of the policy block.
Example Configuration
resource "aws_iam_role" "example" {
  name = "my_role"

  # A role's trust policy is the assume_role_policy argument of aws_iam_role.
  # (aws_iam_role_policy attaches a permissions policy, and IAM rejects a
  # Principal element there.) Name a specific principal; never use "*".
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
  # other fields here
}