AWS policy contains unsubstituted template values
Description
AlphaSOC detected an AWS policy containing unsubstituted template values. The policy includes statement ID (SID), resource, or principal values using names commonly found in tutorials or documentation (e.g., <YOUR_BUCKET>, [YOUR_QUEUE], or __default_queue), which may indicate a potential misconfiguration or oversight in policy setup. If not corrected, such errors could grant excessive permissions or expose resources.
Impact
A misconfigured AWS policy can unintentionally grant excessive permissions, leading to unauthorized access to sensitive data or resources. Threat actors may exploit this to read or modify data, manipulate resources, or escalate privileges within the AWS environment. This vulnerability could result in data breaches, resource misuse, or provide a foothold for further attacks.
Severity
| Severity | Condition |
|---|---|
| Low | AWS policy contains unsubstituted template values |
Investigation and Remediation
Review the identified AWS policy and replace placeholder values with appropriate, specific identifiers for resources, principals, or SIDs. Apply the principle of least privilege to ensure policies grant only necessary permissions. After making changes, test the policy to ensure the restrictions are properly enforced.
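As an added example (not AlphaSOC's detection logic nor AWS tooling), the following Python check scans an IAM policy document for SID, Resource and Principal values that still look like placeholders before the policy is applied. The three regex shapes are assumed from the placeholder styles named in the description, and the sample policy is constructed for illustration.

```python
import json
import re

# Placeholder shapes from the description: <YOUR_BUCKET>, [YOUR_QUEUE], __default_queue.
# The regexes are an assumption; tune them to your own naming conventions.
PLACEHOLDER_PATTERNS = [
    re.compile(r"<[A-Za-z0-9_\-]+>"),
    re.compile(r"\[[A-Za-z0-9_\-]+\]"),
    re.compile(r"__[A-Za-z0-9_\-]+"),
]

def _values(field):
    """Principal/Resource may be a string, a list, or a dict such as {"AWS": [...]}."""
    if isinstance(field, str):
        return [field]
    if isinstance(field, list):
        return [v for item in field for v in _values(item)]
    if isinstance(field, dict):
        return [v for item in field.values() for v in _values(item)]
    return []

def find_unsubstituted(policy_json):
    """Return (statement index, field, value) for every placeholder-looking value
    in Sid, Resource, NotResource, Principal or NotPrincipal."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear outside a list
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        for field in ("Sid", "Resource", "NotResource", "Principal", "NotPrincipal"):
            for value in _values(stmt.get(field)):
                if any(p.search(value) for p in PLACEHOLDER_PATTERNS):
                    findings.append((idx, field, value))
    return findings

# Constructed sample: a bucket policy copied from a tutorial with placeholders left in.
UNSUBSTITUTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "__default_queue",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::[YOUR_ACCOUNT_ID]:role/app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::<YOUR_BUCKET>/*",
    }],
})

if __name__ == "__main__":
    for idx, field, value in find_unsubstituted(UNSUBSTITUTED_POLICY):
        print(f"statement {idx}: {field} still contains placeholder {value!r}")
```

A policy whose values have been replaced with concrete ARNs and SIDs yields an empty result, so the check can gate a deployment pipeline.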
Known False Positives
- Naming conventions similar to those used in tutorials or documentation