IAM role trust policies should not allow all principals to assume the role

Description

Using a wildcard as the Principal in a role's trust policy, written either as "Principal": "*" or as "Principal": {"AWS": "*"}, allows any IAM principal in any AWS account to call sts:AssumeRole on the role. IAM does not accept partial wildcards in the Principal element (for example, an ARN with "*" in the account ID is rejected when the policy is saved), so any wildcard that does appear there is the bare "*" and is a full open trust. This is a significant security gap: anyone who holds an AWS account can assume the role and act with its permissions in your account, including access to potentially sensitive data. A Condition such as aws:PrincipalOrgID narrows such a grant, but the safe practice is to name the trusted accounts, roles, users, or services explicitly.

Console Remediation Steps

  • Navigate to IAM.

  • Select the role that includes the trust policy.

  • Navigate to the Trust relationships tab and select Edit trust policy (labelled Edit trust relationship in the older console).

  • Ensure that the Principal element does not contain a wildcard (*) in either form ("Principal": "*" or "Principal": {"AWS": "*"}); replace it with the specific account, role, user, or service ARN that should be allowed to assume the role, then save the policy.

CLI Remediation Steps

  • Ensure that IAM trust policies created or updated via the CLI do not use wildcards in the Principal element. The following command replaces the role's trust policy with the contents of policy.json, which names a single trusted service:

    • aws iam update-assume-role-policy --role-name Test-Role --policy-document file://policy.json

policy.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}
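Before applying the remediation it helps to find every role in the account that is affected. The script below is an added example, not part of the original page or of any AWS tooling: it reads the JSON that aws iam list-roles prints (where AssumeRolePolicyDocument is already decoded) and reports each role whose trust policy has an Allow statement with a wildcard Principal in either form. The function names, the sample roles (Test-Role, Open-Role, Open-Role-Shorthand) and the organization ID are constructed for illustration.

```python
"""Added example (not from the original page): audit role trust policies
for wildcard principals.

With live data (assumes the AWS CLI is installed and configured):
    aws iam list-roles --output json | python3 audit_trust_policies.py
With no input on stdin the constructed sample below is audited instead.
"""
import json
import sys

# IAM only accepts a bare "*" in the Principal element; partial wildcards
# such as "arn:aws:iam::*:root" are rejected when the policy is saved, so
# this is the only value that needs to be matched.
WILDCARD = "*"


def _principal_is_wildcard(principal):
    """True if a Principal element grants to every AWS principal."""
    if principal == WILDCARD:           # "Principal": "*"
        return True
    if isinstance(principal, dict):     # "Principal": {"AWS": "*"}
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return WILDCARD in aws          # also catches a list containing "*"
    return False


def wildcard_statements(trust_policy):
    """Return the Allow statements whose Principal is a wildcard.

    Statements that carry a Condition are still reported: a condition such
    as aws:PrincipalOrgID narrows the grant, but the control on this page is
    that trust policies name their principals explicitly."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):    # a single statement need not be a list
        statements = [statements]
    return [
        s for s in statements
        if s.get("Effect") == "Allow" and _principal_is_wildcard(s.get("Principal"))
    ]


def audit_roles(list_roles_output):
    """Map role name -> offending statements for `aws iam list-roles` output."""
    findings = {}
    for role in list_roles_output.get("Roles", []):
        bad = wildcard_statements(role.get("AssumeRolePolicyDocument", {}))
        if bad:
            findings[role["RoleName"]] = bad
    return findings


# Constructed sample in the shape of `aws iam list-roles --output json`.
SAMPLE_LIST_ROLES = {
    "Roles": [
        {   # the remediated policy.json from this page: not flagged
            "RoleName": "Test-Role",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"Service": "ec2.amazonaws.com"},
                               "Action": "sts:AssumeRole", "Condition": {}}],
            },
        },
        {   # open trust, long form
            "RoleName": "Open-Role",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                               "Action": "sts:AssumeRole"}],
            },
        },
        {   # open trust, short form, narrowed by a condition but still flagged
            "RoleName": "Open-Role-Shorthand",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "sts:AssumeRole",
                               "Condition": {"StringEquals":
                                             {"aws:PrincipalOrgID": "o-example"}}}],
            },
        },
    ]
}


if __name__ == "__main__":
    data = SAMPLE_LIST_ROLES if sys.stdin.isatty() else json.load(sys.stdin)
    for name, stmts in audit_roles(data).items():
        print(f"{name}: {len(stmts)} statement(s) with a wildcard Principal")
```

Each role the script reports is a candidate for the aws iam update-assume-role-policy command shown above; re-run the audit after the update to confirm the role no longer appears.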