Skip to content
This repository was archived by the owner on Jul 22, 2021. It is now read-only.
This repository was archived by the owner on Jul 22, 2021. It is now read-only.

EvaluatePolicyPermissions expression #83

Open
Open
EvaluatePolicyPermissions expression#83
@visit1985

Description

@visit1985
visit1985
opened on Jul 18, 2018

https://github.com/awslabs/aws-security-benchmark/blob/097ddf7461745f684dab0ca00aa608c2047dbd80/architecture/create-benchmark-rules.yaml#L732

CIS 1.24 Ensure IAM policies that allow full "*:*" administrative privileges are not created

This expression should be 'Statement[?Effect == \'Allow\' && Action == \'*\' && Resource == \'*\']'. Currently it matches for example action ec2:Describe* on resource *.

What do you think?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions