LambdaGuard
LambdaGuard copied to clipboard
wildcard actions not handled properly
This tool does not handle wildcards in IAM policy actions properly, because it only does literal string matches. For example, the PrivilegeEscalation
class will not detect any issue if my policy grants "iam:Create*"
. All the IAM policy checking logic needs to be rewritten to treat wildcards as actual wildcards (perhaps via regex) instead of only doing literal string matches.