amazon-archives/aws-security-benchmark

EvaluatePolicyPermissions expression

Opened this issue · 0 comments

https://github.com/awslabs/aws-security-benchmark/blob/097ddf7461745f684dab0ca00aa608c2047dbd80/architecture/create-benchmark-rules.yaml#L732

CIS 1.24 Ensure IAM policies that allow full "*:*" administrative privileges are not created

This expression should be 'Statement[?Effect == \'Allow\' && Action == \'*\' && Resource == \'*\']'. Currently it matches for example action ec2:Describe* on resource *.

What do you think?
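A worked check for the rule under discussion, added here as an example rather than taken from the repository's own config rules. It implements the narrow condition the issue asks for (Effect `Allow`, Action `*`, Resource `*`) in plain Python instead of JMESPath, and adds one caveat a practitioner will hit: in an IAM policy document `Statement`, `Action` and `Resource` may each be a single string or a list, so a scalar comparison such as `Action == '*'` would miss `"Action": ["*"]`. The sample policies are constructed for the example; `full_admin_statements` and `is_full_admin` are hypothetical names.

```python
import json
from typing import Any, Dict, List, Union

# Constructed sample policies (not from the repository).
ADMIN_SCALAR = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}'
ADMIN_LIST = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}'
ADMIN_COLON = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*:*", "Resource": "*"}]}'
READ_ONLY = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}'
DENY_ALL = '{"Version": "2012-10-17", "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}'
SCOPED = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]}'


def _as_list(value: Union[None, str, List[Any]]) -> List[Any]:
    """IAM allows a scalar or a list in Statement, Action and Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def full_admin_statements(policy: Union[str, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the statements that grant full administrative privileges.

    A statement qualifies only when all three hold:
      * Effect is Allow (a Deny with "*" is not a finding),
      * Action contains "*" or "*:*" (action names are case-insensitive),
      * Resource contains "*".
    A wildcard that is scoped to a service, e.g. "ec2:Describe*", does not qualify,
    which is the over-match the issue reports for the current expression.
    NotAction / NotResource are not examined here, as the CIS check does not cover them.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    hits = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {str(a).lower() for a in _as_list(stmt.get("Action"))}
        resources = {str(r) for r in _as_list(stmt.get("Resource"))}
        if actions & {"*", "*:*"} and "*" in resources:
            hits.append(stmt)
    return hits


def is_full_admin(policy: Union[str, Dict[str, Any]]) -> bool:
    """True when the policy document contains at least one full-admin statement."""
    return bool(full_admin_statements(policy))


if __name__ == "__main__":
    for name, doc in [("ADMIN_SCALAR", ADMIN_SCALAR), ("ADMIN_LIST", ADMIN_LIST),
                      ("ADMIN_COLON", ADMIN_COLON), ("READ_ONLY", READ_ONLY),
                      ("DENY_ALL", DENY_ALL), ("SCOPED", SCOPED)]:
        print(f"{name:13s} full admin: {is_full_admin(doc)}")
```

When applying the same logic in a JMESPath rule, the list form has to be handled explicitly (for instance by testing both the scalar and the list shape, or by normalising the document before evaluation), otherwise an `Action: ["*"]` policy slips past an `Action == '*'` comparison.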