AWS policy suggests narrow access but allows broad access
Description
AlphaSOC detected an AWS IAM policy that appears restrictive but grants broad permissions. The policy contains a statement with "Effect": "Allow" that includes extensive permissions, even though the Statement ID (SID) implies a more restricted scope. This creates a false sense of security, as the SID is only a label and does not enforce restrictions; only an explicit "Effect": "Deny" in the policy ensures proper access control.
Impact
This misconfiguration can lead to unintended privileged access, allowing users or roles to perform actions beyond their intended permissions. Threat actors could exploit this to modify, create, or delete AWS resources, potentially leading to data breaches, service disruptions, or unauthorized access to sensitive information. It undermines the principle of least privilege and weakens the overall security posture of the AWS environment.
Severity
| Severity | Condition |
|---|---|
| Medium | AWS policy suggests narrow access but allows broad access |
Investigation and Remediation
Review the identified AWS policy to ensure its permissions align with the intended access controls. Analyze the policy's Allow statements and ensure that no unintended actions are included. If it grants excessive permissions, update the configuration by explicitly setting "Effect": "Deny" where necessary. After making changes, test the policy to ensure the restrictions are properly enforced. To prevent future misconfigurations, regularly audit and review AWS policies.
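As an added example (not AlphaSOC's detection logic or any project's code), the Python check below flags Allow statements whose Sid reads as narrow but whose Action or Resource is a wildcard, and places a constructed offending policy beside its remediated form; the hint list and the wildcard rule are this example's own heuristics, and the bucket name is made up.

```python
# Constructed sample (not from a real account): the Sid promises read-only
# access to one bucket, yet the Allow grants every S3 action on everything.
SUSPICIOUS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "ReadOnlyReportsBucket", "Effect": "Allow",
                   "Action": "s3:*", "Resource": "*"}],
}

# Remediated form: Action and Resource narrowed to match the Sid, plus an
# explicit Deny on writes, which overrides any Allow elsewhere in the policy.
REMEDIATED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnlyReportsBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports",
                      "arn:aws:s3:::example-reports/*"]},
        {"Sid": "DenyReportsBucketWrites", "Effect": "Deny",
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-reports/*"},
    ],
}

# Heuristic (assumption of this example): Sid fragments implying a read-style scope.
NARROW_HINTS = ("readonly", "read", "list", "describe", "get", "view")

def _as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_broad_allow(stmt):
    """Allow with a wildcard action ('*' or 'svc:*') or a wildcard resource."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action"))
    wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
    return wildcard_action or "*" in _as_list(stmt.get("Resource"))

def sid_suggests_narrow(stmt):
    sid = stmt.get("Sid", "").lower()
    return any(hint in sid for hint in NARROW_HINTS)

def find_misleading_statements(policy):
    """Sids of Allow statements that look narrow but grant broadly (NotAction/NotResource not evaluated)."""
    statements = _as_list(policy.get("Statement"))
    return [s.get("Sid", "<no Sid>") for s in statements
            if sid_suggests_narrow(s) and is_broad_allow(s)]
```

Run it over the decoded policy documents attached to each role or user; a non-empty result names the statements to narrow or back with an explicit Deny.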