AWS policy that allows to perform any action was added
Description
AlphaSOC detected an AWS policy that allows performing any action, indicated by the presence of a NotAction element or "*" permissions. This suggests an overly permissive policy that grants excessive privileges, potentially allowing unauthorized access to sensitive resources and actions within the AWS environment. Such broad permissions violate the principle of least privilege and significantly increase the potential attack surface.
Impact
An overly permissive AWS policy can lead to severe security risks, including unauthorized access, data breaches, and potential misuse of AWS resources. Threat actors who gain access to credentials associated with this policy could perform any action within the AWS environment, potentially compromising the entire infrastructure, exfiltrating sensitive data, or launching further attacks.
Severity
| Severity | Condition |
|---|---|
| Low | AWS policy that allows to perform any action was added |
| Medium | AWS policy allows to perform any action via suspicious statement |
Investigation and Remediation
Review the identified AWS policy and determine if such broad permissions are necessary. Implement the principle of least privilege by granting only the permissions necessary for each role, service, or user. Regularly review and audit AWS policies to prevent future misconfigurations.
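When reviewing a policy, a small script can point to the exact statements that grant any action. The following is an added example, not AlphaSOC's detection logic: the function name, the finding fields and the sample policy are constructed for illustration.

```python
import json


def _as_list(value):
    """IAM accepts a single string/object wherever a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_allow_any_action(policy_document):
    """Return one finding per Allow statement that uses Action "*" or NotAction."""
    policy = (json.loads(policy_document)
              if isinstance(policy_document, str) else policy_document)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with "*" or NotAction restricts access, it grants nothing
        finding = {
            "sid": stmt.get("Sid", f"statement[{index}]"),
            "all_resources": "*" in _as_list(stmt.get("Resource")),
        }
        if "*" in _as_list(stmt.get("Action")):
            finding["reason"] = 'Action "*"'
        elif "NotAction" in stmt:
            # Allow + NotAction grants every action except the listed ones
            finding["reason"] = "NotAction"
            finding["excluded"] = _as_list(stmt["NotAction"])
        else:
            continue
        findings.append(finding)
    return findings


# Constructed sample policy: two over-permissive statements, two benign ones.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllButIam", "Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"},
    {"Sid": "ReadBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyNonIam", "Effect": "Deny", "NotAction": "iam:*", "Resource": "*"}
  ]
}"""

if __name__ == "__main__":
    for f in find_allow_any_action(SAMPLE_POLICY):
        print(f)
```

Each finding names the statement to narrow: replace the wildcard or NotAction with the specific actions the role, service, or user needs, and scope Resource where all_resources is true.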