38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
id: iam-unapproved-policy
|
|
info:
|
|
name: Unapproved IAM Policy Attachments
|
|
author: princechaddha
|
|
severity: high
|
|
description: |
|
|
Checks for the attachment of unapproved Amazon IAM managed policies to IAM roles, users, or groups, ensuring compliance with organizational access policies
|
|
reference:
|
|
- https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html
|
|
tags: cloud,devops,aws,amazon,iam,ssl,tls,aws-cloud-config
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
aws iam get-policy --policy-arn arn:aws:iam::aws:policy/AmazonRDSFullAccess --query 'Policy.{"AttachmentCount": AttachmentCount}'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "AttachmentCount"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"AttachmentCount": 0'
|
|
negative: true
|
|
|
|
extractors:
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- '"Unapproved IAM policy is used within your AWS cloud account"'
|
|
# digest: 4a0a00473045022100cf22f4542262ded32bcf64050e268d3b514e907385f8c67a8a4f888302bb48b202206b2ee99707ba578560bc83ad3ceeae5e3981288199d898d27d0090f34f6af408:922c64590222798bb761d5b6d8e72950 |