A policy that grants all permissions may indicate improper access control, which violates the principle of least privilege. Suppose an identity is granted full permissions to a resource even though it only needs read permission to do its job. In this case, resources may be overwritten unintentionally, resulting in loss of information.
Identities obtaining all the permissions:
There is a risk if you answered yes to any of those questions.
It’s recommended to apply the least privilege principle, i.e. to grant identities only the permissions they need. A good practice is to start with the very minimum set of permissions and to refine the policy over time. To fix overly permissive policies already deployed in production, one strategy is to review the monitored activity and reduce the set of permissions to those actually used.
A customer-managed policy that grants all permissions by using the wildcard (*) in the Action property:
    from aws_cdk.aws_iam import PolicyStatement, Effect

    PolicyStatement(
        effect=Effect.ALLOW,
        actions=["*"],  # Sensitive
        resources=["arn:aws:iam:::user/*"]
    )
A customer-managed policy that grants only the required permissions:
    from aws_cdk.aws_iam import PolicyStatement, Effect

    PolicyStatement(
        effect=Effect.ALLOW,
        actions=["iam:GetAccountSummary"],
        resources=["arn:aws:iam:::user/*"]
    )
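As an added example (not part of this rule description or of the AWS CDK library), the following checker audits the plain JSON statements a policy renders to, which is assumed to be the shape `PolicyStatement.to_json()` produces, and flags Allow statements whose actions are the global wildcard or a service-wide one. The sample statements are constructed from the two snippets above plus a few edge cases.

```python
"""Flag IAM policy statements that grant every action (least-privilege check)."""
from typing import Any, Dict, List, Tuple

Statement = Dict[str, Any]


def _as_list(value: Any) -> List[Any]:
    """IAM JSON allows Action, Resource and Statement to be one item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def wildcard_actions(statement: Statement) -> List[str]:
    """Return the wildcard actions granted by an Allow statement.

    '*' grants every action of every service; 'service:*' grants every action
    of one service. Deny statements are skipped: a broad Deny grants nothing.
    An Allow with NotAction is reported as '*' because it allows everything
    except the listed actions, which is usually far broader than intended.
    """
    if statement.get("Effect") != "Allow":
        return []
    if "NotAction" in statement:
        return ["*"]
    return [a for a in _as_list(statement.get("Action"))
            if a == "*" or a.endswith(":*")]


def audit_policy(document: Dict[str, Any]) -> List[Tuple[int, str]]:
    """Audit a policy document and return (statement index, wildcard) findings."""
    findings: List[Tuple[int, str]] = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        for action in wildcard_actions(stmt):
            findings.append((index, action))
    return findings


# Constructed samples: the sensitive and compliant statements from the rule
# above (in rendered JSON form), plus three edge cases.
SENSITIVE = {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:iam:::user/*"}
COMPLIANT = {"Effect": "Allow", "Action": "iam:GetAccountSummary",
             "Resource": "arn:aws:iam:::user/*"}
SERVICE_WIDE = {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"], "Resource": "*"}
NOT_ACTION = {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}
DENY_ALL = {"Effect": "Deny", "Action": "*", "Resource": "*"}

if __name__ == "__main__":
    doc = {"Version": "2012-10-17",
           "Statement": [SENSITIVE, COMPLIANT, SERVICE_WIDE, NOT_ACTION, DENY_ALL]}
    for index, action in audit_policy(doc):
        print(f"statement {index}: grants wildcard action {action!r}")
```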