Custom Policies Do Not Allow All Actions for a Service
Rule Details
Parameter | Description |
---|---|
Rule Name | iam-role-has-all-permissions |
Identifier | iam-role-has-all-permissions |
Description | If a custom policy or role allows all actions for a cloud service, this policy or role is noncompliant. |
Tag | iam |
Trigger Type | Configuration change |
Filter Type | iam.roles, iam.policies |
Configure Rule Parameters | None |
Applicable Scenario
This rule allows you to ensure that your IAM users or agencies do not have unintended permissions attached. To ensure resource security, an IAM role or policy should not allow all actions for a cloud service.
Solution
The administrator can modify noncompliant IAM policies or roles. For more details, see Modifying or Deleting a Custom Policy.
Rule Logic
- If a custom policy or role allows all actions for a cloud service, this policy or role is noncompliant.
- If a custom policy or role denies one or more actions for a cloud service, this policy or role is compliant.
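The rule logic above can be approximated offline when reviewing policy documents before they are attached. The following is an added example, not the rule's own implementation or code from this page. It assumes a JSON policy with `Statement`, `Effect` and `Action` fields and actions written as `service:resource:action`, and it reads the second bullet as "an explicit Deny on the same service offsets a service-wide Allow". The function names and sample policies are hypothetical.

```python
# Added example: policy layout, action syntax and the handling of Deny
# statements are assumptions, not taken from the rule's implementation.

def as_list(value):
    """Accept a single item or a list, as policy fields may be either."""
    return value if isinstance(value, list) else [value]

def service_wildcard(action):
    """Return the service an action fully covers ("*" for every service), else None."""
    parts = action.lower().split(":")
    if all(p == "*" for p in parts):
        return "*"                      # "*" or "*:*:*"
    if len(parts) > 1 and all(p == "*" for p in parts[1:]):
        return parts[0]                 # "ecs:*" or "ecs:*:*"
    return None                         # scoped action such as "ecs:servers:list"

def evaluate_policy(policy):
    """Return (status, offending_actions) for one policy document."""
    statements = as_list(policy.get("Statement", []))
    # Services that have at least one explicitly denied action.
    denied = {
        action.lower().split(":")[0]
        for st in statements if st.get("Effect") == "Deny"
        for action in as_list(st.get("Action", []))
    }
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            service = service_wildcard(action)
            if service and service not in denied:
                findings.append(action)
    return ("NonCompliant" if findings else "Compliant", findings)

# Constructed sample policies (not real resources).
ALLOW_ALL_ECS = {"Statement": [{"Effect": "Allow", "Action": ["ecs:*:*"]}]}
SCOPED = {"Statement": [{"Effect": "Allow",
                         "Action": ["ecs:servers:list", "ecs:servers:get"]}]}
ALLOW_WITH_DENY = {"Statement": [
    {"Effect": "Allow", "Action": ["obs:*"]},
    {"Effect": "Deny", "Action": ["obs:bucket:DeleteBucket"]},
]}

if __name__ == "__main__":
    for name, doc in [("allow-all-ecs", ALLOW_ALL_ECS), ("scoped", SCOPED),
                      ("allow-with-deny", ALLOW_WITH_DENY)]:
        print(name, evaluate_policy(doc))
```

A policy that allows `*` for every service stays noncompliant here even when one service has a Deny, because the remaining services are still fully allowed.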