Add policy pack - Remove AdminAccess or IAM Full Access from IAM Policies

Open Joeturbot opened this issue 6 months ago • 0 comments

Control objective

  • Real time alert for any role or user created with admin access or IAM full access.
    • Admin access defined as "Action": "*:*"
    • IAM Full access defined as "Action": "iam:*"

Remediation

  • Remove offending policy statements from the attached IAM policy or inline policy. It does not matter if the IAM policy is attached or not. They should not exist.

Categories

  • Access Management
  • Security

Additional context

  • Source Conversation: https://turbothq.slack.com/archives/C06DF1TE16D/p1723561500674229

Joeturbot, Aug 14 '24 18:08
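The control and remediation requested above, sketched as an added example that is not part of the original issue or of the guardrails-samples repository: it flags `Allow` statements in an IAM policy document whose `Action` matches the issue's two definitions and returns a copy with those statements removed. The function names and the sample policy are constructed for illustration; skipping `Deny` statements and also matching a bare `"*"` action are assumptions beyond what the issue states.

```python
import copy
import json

# Patterns from the issue: "*:*" (admin access) and "iam:*" (IAM full access).
# "*" is added here as an assumption: IAM also accepts a bare wildcard action.
OFFENDING_ACTIONS = {"*:*", "iam:*", "*"}

# Constructed sample policy document (not taken from the issue).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBuckets", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Sid": "IamFull", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Sid": "Admin", "Effect": "Allow", "Action": ["*:*"], "Resource": "*"},
        {"Sid": "DenyIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM accepts a single string or object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def offending_statements(policy):
    """Return (index, matched_actions) for each Allow statement with a flagged action."""
    hits = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # assumption: Deny statements grant nothing, so they stay
        # IAM action names are case-insensitive, so compare in lower case.
        matched = [a for a in _as_list(stmt.get("Action"))
                   if isinstance(a, str) and a.lower() in OFFENDING_ACTIONS]
        if matched:
            hits.append((i, matched))
    return hits


def remediate(policy):
    """Return a deep copy of the policy with every offending statement removed."""
    drop = {i for i, _ in offending_statements(policy)}
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = [s for i, s in enumerate(_as_list(fixed.get("Statement")))
                          if i not in drop]
    return fixed


if __name__ == "__main__":
    print(json.dumps(remediate(SAMPLE_POLICY), indent=2))
```

The same check applies to managed and inline policy documents alike, since both use this JSON structure.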