cloudsploit
Global Cross Account Role Not detected
Playing around with cross-account possibilities, we noticed that if you edit your role's trust policy document to use `*` instead of an account ID, Cloudsploit won't trigger an alert when run against it.
### This triggers an alert

```json
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::1122334455660:root"},"Action":"sts:AssumeRole","Condition":{}}]}
```

### This one doesn't trigger

```json
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"sts:AssumeRole","Condition":{}}]}
```
I believe we could create another check or add principal `*` to the current CrossAccount detection rule.
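The check the issue asks for, as an added example that is not CloudSploit's own code: parse a role trust policy, collect every `AWS` principal of each `Allow` statement that grants `sts:AssumeRole`, and report it when it is the wildcard `*` or an account other than the one being scanned. The scanning account ID (`LOCAL_ACCOUNT_ID`), the sample trust policies and the function names are all constructed for this example; the wildcard policy mirrors the second document above. It goes slightly beyond the two documents in the issue by also handling principal arrays, a bare `"Principal": "*"` (not wrapped in `{"AWS": ...}`), and service principals, which are not cross-account trust.

```javascript
// Added example, not CloudSploit's own code: flag any role trust policy whose
// sts:AssumeRole statement names a principal outside the scanning account,
// including the wildcard principal that the issue above shows being missed.

// Constructed sample: the account that is being scanned (assumption).
const LOCAL_ACCOUNT_ID = '111111111111';

// Constructed sample trust policies (account IDs are made up; the wildcard
// document mirrors the issue's second policy).
const FOREIGN_ACCOUNT_POLICY = JSON.stringify({
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Principal: { AWS: 'arn:aws:iam::222222222222:root' },
                Action: 'sts:AssumeRole', Condition: {} }],
});
const WILDCARD_POLICY = JSON.stringify({
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Principal: { AWS: '*' },
                Action: 'sts:AssumeRole', Condition: {} }],
});
const MIXED_POLICY = JSON.stringify({
  Version: '2012-10-17',
  Statement: [
    // Same-account principals, as an ARN and as a bare account ID: fine.
    { Effect: 'Allow', Principal: { AWS: ['arn:aws:iam::111111111111:root', '111111111111'] },
      Action: 'sts:AssumeRole' },
    // Bare "*" principal (not wrapped in {"AWS": ...}) is still a wildcard.
    { Effect: 'Allow', Principal: '*', Action: ['sts:AssumeRole', 'sts:TagSession'] },
    // Service principals are not cross-account trust and are skipped.
    { Effect: 'Allow', Principal: { Service: 'ec2.amazonaws.com' }, Action: 'sts:AssumeRole' },
  ],
});

// Principal can be "*", {"AWS": "x"} or {"AWS": ["x", "y"]}; return the AWS entries.
function awsPrincipals(principal) {
  if (principal === '*') return ['*'];
  if (!principal || typeof principal !== 'object' || principal.AWS === undefined) return [];
  return Array.isArray(principal.AWS) ? principal.AWS : [principal.AWS];
}

// Account ID from a bare 12-digit ID or an IAM/STS ARN; null if unrecognised.
function accountIdOf(p) {
  if (/^\d{12}$/.test(p)) return p;
  const m = /^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):/.exec(p);
  return m ? m[1] : null;
}

// True if the statement's Action covers sts:AssumeRole.
function grantsAssumeRole(action) {
  const actions = Array.isArray(action) ? action : [action];
  return actions.some((a) => a === 'sts:AssumeRole' || a === 'sts:*' || a === '*');
}

// Returns findings: { kind: 'wildcard' | 'cross-account' | 'unrecognised',
//                     principal, conditioned }. A non-empty Condition is only
// reported (conditioned=true) so a reviewer can inspect it; this example does
// not evaluate conditions, and an empty Condition ({}) restricts nothing.
function evaluateTrustPolicy(doc, localAccountId = LOCAL_ACCOUNT_ID) {
  const policy = typeof doc === 'string' ? JSON.parse(doc) : doc;
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  const findings = [];
  for (const st of statements) {
    if (!st || st.Effect !== 'Allow' || !grantsAssumeRole(st.Action)) continue;
    const conditioned = !!st.Condition && Object.keys(st.Condition).length > 0;
    for (const p of awsPrincipals(st.Principal)) {
      let kind = null;
      if (p === '*') {
        kind = 'wildcard';
      } else {
        const acct = accountIdOf(p);
        if (acct === null) kind = 'unrecognised';
        else if (acct !== localAccountId) kind = 'cross-account';
      }
      if (kind) findings.push({ kind, principal: p, conditioned });
    }
  }
  return findings;
}

// Scanner-style verdict: FAIL if anything outside the local account can assume the role.
function trustPolicyStatus(doc, localAccountId = LOCAL_ACCOUNT_ID) {
  return evaluateTrustPolicy(doc, localAccountId).length ? 'FAIL' : 'OK';
}

console.log(trustPolicyStatus(FOREIGN_ACCOUNT_POLICY), evaluateTrustPolicy(FOREIGN_ACCOUNT_POLICY));
console.log(trustPolicyStatus(WILDCARD_POLICY), evaluateTrustPolicy(WILDCARD_POLICY));
console.log(trustPolicyStatus(MIXED_POLICY), evaluateTrustPolicy(MIXED_POLICY));
```

Treating `*` as its own finding kind rather than folding it into `cross-account` keeps the two cases distinguishable in output: a wildcard with an empty `Condition` means any AWS principal in any account can call `sts:AssumeRole` on the role, which is a stronger finding than trust in one named foreign account.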