Critical

Ensure IAM policies that allow full "*:*" administrative privileges are not created

Security & Compliance
Description

The "Ensure IAM policies that allow full administrative privileges are not created" rule refers to preventing the creation of AWS Identity and Access Management (IAM) policies that grant unrestricted administrative access to AWS services and resources. Granting full administrative privileges to users or roles can result in unauthorized access, privilege escalation, and malicious activity. This rule involves ensuring that IAM policies that provide full administrative access are not created and that existing policies that grant such access are removed or modified to limit their scope.‍

Remediation

To ensure that IAM policies that allow full administrative privileges are not created, follow the below steps:

  1. Identify the users and roles who have such policies attached to their IAM policies.
  2. Review the policies and determine which policies have excessive privileges.
  3. Remove or restrict the privileges in the policies to the minimum necessary permissions required for the user/role to perform their intended functions.
  4. Implement the principle of least privilege when assigning policies to users/roles.
  5. Consider using managed policies provided by AWS instead of creating custom policies, as these are designed to follow the principle of least privilege.
  6. Utilize AWS IAM Access Analyzer to analyze resource-based policies and identify any unintended access.
  7. Regularly audit IAM policies to ensure that they remain up to date and that excessive privileges are removed or restricted if no longer needed.
  8. Enforce multi-factor authentication (MFA) for users with administrative privileges to add an additional layer of security.
  9. Monitor AWS CloudTrail logs for any changes made to IAM policies and review these logs regularly for any suspicious activity.
  10. Consider using AWS Organizations to centrally manage policies across multiple AWS accounts to ensure consistent application of security policies.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps