A config rule that checks whether the default version of AWS Identity and Access Management (IAM) policies do not have administrator access. If any statement has 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*', the rule is NON_COMPLIANT.

 
Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: iam-policy-no-statements-with-admin-access
      Description: >-
        A config rule that checks whether the default version of AWS Identity
        and Access Management (IAM) policies do not have administrator access.
        If any statement has 'Effect': 'Allow' with 'Action': '*' over
        'Resource': '*', the rule is NON_COMPLIANT.
      InputParameters: {}
      Scope:
        ComplianceResourceTypes:
          - 'AWS::IAM::Policy'
      Source:
        Owner: AWS
        SourceIdentifier: IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS
Parameters: {}
Metadata: {}
Conditions: {}

Customize Cf Template

Rule Parameters

No rule paramters
 
* Required field