IAM role trust policies should not allow all principals to assume the role

Description

Using a wildcard in the Principal attribute in a role’s trust policy would allow any IAM user in any account to access the role. This is a significant security gap and can be used by anyone to gain access to an account with potentially sensitive data.

Remediation Steps

AWS Console

  • Navigate to IAM.

  • Select the role that includes the trust policy.

  • Navigate to the Trust Relationships tab, and select Edit trust relationship.

  • Ensure that the Principal attribute does not include any wildcards (*).

AWS CLI

  • Ensure that IAM trust policies created via CLI do not use wildcards in the Principal attribute:

    • aws iam update-assume-role-policy --role-name Test-Role --policy-document file://policy.json

policy.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
        },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}

Terraform

Example Configuration

resource "aws_iam_role_policy" "example" {
  name  = "my_role_policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
  # other required fields here
}