Metadata
ID:terraform-aws/iam-all-privileges
Language: Terraform
Severity: Error
Category: Security
Description
This rule flags IAM policies in Terraform that grant all privileges (a wildcard action) in a single policy, which is a high security risk. A policy that allows every action exposes the attached resources to unintended modification or data exfiltration if the principal holding it is misused or compromised. This matters especially for S3 buckets, which often store sensitive data.
The rule enforces the principle of least privilege (PoLP), the security concept that a user or role is given only the minimum level of access needed to perform its job functions. This limits the damage that can result from mistakes, unauthorized use, or compromise of an account.
To comply with this rule, do not use a wildcard (*) to denote all actions; instead, list the exact actions the IAM policy should allow. For example, instead of "Action": ["*"] in your IAM policy, use "Action": ["s3:GetObject"] to allow only retrieving objects from an S3 bucket. This ensures the IAM policy has exactly the privileges it needs and no more.
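The following Terraform is an added example (not code from the rule's documentation or from Datadog) that places the non-compliant wildcard policy next to a least-privilege policy scoped to one bucket. The resource names, the policy names and the bucket name example-reports-bucket are assumptions chosen for illustration.

```hcl
# Added example: wildcard IAM policy (flagged by terraform-aws/iam-all-privileges)
# beside its least-privilege replacement. Names and the bucket ARN are assumed.

# Non-compliant: "*" grants every API action on every resource.
resource "aws_iam_policy" "all_privileges" {
  name = "example-all-privileges"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["*"]
      Resource = "*"
    }]
  })
}

# Compliant: only the actions the workload needs, each scoped to the
# resource type it applies to. s3:ListBucket is evaluated against the
# bucket ARN, while s3:GetObject is evaluated against object ARNs, so the
# two statements use different Resource values.
resource "aws_iam_policy" "read_reports_bucket" {
  name = "example-read-reports-bucket"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListReportsBucket"
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = "arn:aws:s3:::example-reports-bucket"
      },
      {
        Sid      = "ReadReportObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "arn:aws:s3:::example-reports-bucket/*"
      }
    ]
  })
}
```

Running terraform validate confirms the HCL and jsonencode structure are well-formed; the static analysis rule itself only reports the first resource, since the second lists explicit actions. Narrowing Action is the point of this rule, but the compliant policy also narrows Resource, because a specific action on "*" still reaches every bucket in the account.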