IAM role trust policies should not allow all principals to assume the role

Description

Using a wildcard in the Principal attribute in a role’s trust policy would allow any IAM user in any account to access the role. This is a significant security gap and can be used by anyone to gain access to an account with potentially sensitive data.

Console Remediation Steps

• Navigate to IAM.

• Select the role that includes the trust policy.

• Navigate to the Trust Relationships tab, and select Edit trust relationship.

• Ensure that the Principal attribute does not include any wildcards (*).

CLI Remediation Steps

• Ensure that IAM trust policies created via CLI do not use wildcards in the Principal attribute:

  • aws iam update-assume-role-policy --role-name Test-Role --policy-document file://policy.json

policy.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
        },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}

Documentation Links

• IAM role trust policy as a resource-based policy