IAM policy no admin check (rule)
editChecks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources. The rule is NON_COMPLIANT if any policy statement includes “Effect”: “Allow” with “Action”: “*” over “Resource”: “*”. This rule checks only the IAM policies that you create. It does not check IAM Managed Policies. When you enable the rule, this rule checks all of the customer-managed policies in your account, and all new policies that you create. IAM Policy No Admin Check.
comments
comments for this post are closed