
AWS policy suggests read-only access but allows write actions

ID: aws_policy_accidental_write
Data type: AWS CloudTrail
Severity: Medium
MITRE ATT&CK: TA0001:T1078

Description

AlphaSOC detected an AWS IAM policy whose Statement ID (Sid) suggests read-only access but whose statement allows write actions. The statement has "Effect": "Allow" and its actions include write permissions, even though the Sid implies read-only access. This creates a false sense of security: the Sid is only a label and enforces no restriction; only an explicit "Effect": "Deny" in the policy ensures proper access control.

Impact

This misconfiguration can lead to unintended privileged access, allowing users or roles to perform actions beyond their intended permissions. Threat actors could exploit this to modify, create, or delete AWS resources, potentially leading to data breaches, service disruptions, or unauthorized access to sensitive information. It undermines the principle of least privilege and weakens the overall security posture of the AWS environment.

Severity

Severity   Condition
Medium     AWS policy suggests read-only access but allows write actions

Investigation and Remediation

Review the identified AWS policy to confirm that its permissions match the intended access controls. Examine each of the policy's Allow statements and confirm that no unintended write actions are included. If the policy grants excessive permissions, update it, explicitly setting "Effect": "Deny" where necessary. After making changes, test the policy to confirm that the restrictions are actually enforced. To prevent future misconfigurations, audit and review AWS policies regularly.
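An added example, not AlphaSOC's detection code, of the check described above and the explicit-Deny remediation: it flags Allow statements whose Sid reads like a read-only grant but whose actions are not read-only, and appends a Deny statement for the offending actions. The sample policy is constructed, and the Sid regex and read-verb prefixes are heuristic assumptions rather than IAM's authoritative access-level classification.

```python
import json
import re

# Constructed sample policy (not from the page): the Sid promises read-only
# access, but the Allow statement also grants s3:PutObject and s3:DeleteObject.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnlyS3Access", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DescribeEC2", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
]})

# Heuristics (assumptions): Sids that read like a read-only grant, and the
# action-name prefixes AWS uses for its Read/List access levels.
READ_ONLY_SID = re.compile(r"read.?only|view|describe|list|get", re.IGNORECASE)
READ_VERBS = ("Get", "List", "Describe", "Head", "View", "Search", "Lookup",
              "Query", "Scan", "Select", "BatchGet")

def is_read_action(action: str) -> bool:
    """'*', 'service:*' and non-read verbs are treated as write-capable."""
    _, _, verb = action.partition(":")
    return verb not in ("", "*") and verb.startswith(READ_VERBS)

def find_accidental_writes(policy_json: str) -> list:
    """Return (Sid, write actions) for Allow statements whose Sid implies read-only."""
    statements = json.loads(policy_json)["Statement"]
    statements = [statements] if isinstance(statements, dict) else statements  # single-object form
    findings = []
    for stmt in statements:
        sid = stmt.get("Sid", "")
        if stmt.get("Effect") != "Allow" or not READ_ONLY_SID.search(sid):
            continue
        if "NotAction" in stmt:        # Allow + NotAction grants every unlisted action
            findings.append((sid, ["NotAction"]))
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        writes = [a for a in actions if not is_read_action(a)]
        if writes:
            findings.append((sid, writes))
    return findings

def add_explicit_deny(policy_json: str) -> str:
    """Remediation from the page: an explicit Deny for the unintended writes overrides the Allow."""
    policy = json.loads(policy_json)
    for sid, writes in find_accidental_writes(policy_json):
        if writes == ["NotAction"]:    # no action list to deny; the statement needs a manual rewrite
            continue
        policy["Statement"].append({"Sid": f"Deny{sid}Writes", "Effect": "Deny",
                                    "Action": writes, "Resource": "*"})
    return json.dumps(policy, indent=2)
```

Run it against policies pulled from CloudTrail's policy-change events or from IAM directly; the heuristic is deliberately loose, so treat its output as a review queue rather than a verdict.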