Control: AWS > NIST 800-53 > IAM > Ensure IAM policy should not grant full access to service

Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is non complaint if the managed IAM policy allows full access to at least 1 AWS service.

Resource Types

This control targets the following resource types:

AWS > IAM > Policy

In Your Workspace

Controls by Resource report
Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoServiceWildcard

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoServiceWildcard") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoServiceWildcard'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoServiceWildcard"