Control: AWS > NIST 800-53 > IAM > IAM policy should not have statements with admin access

AWS Identity and Access Management (IAM) can help you incorporate the principles of least privilege and separation of duties with access permissions and authorizations, restricting policies from containing 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*'.

Resource Types

This control targets the following resource types:

AWS > IAM > Policy

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoStarStar

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoStarStar") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoStarStar'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/iamPolicyCustomNoStarStar"