Does using an IAM policy with the following permission allow the user / group / role to do anything within the AWS account?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1469200763880",
      "Action": [
        "iam:AttachRolePolicy",
        "iam:CreateRole"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
  • Does having permission to create and attach permissions give the entity power to do anything within an account, since it can attach improper roles to create any resource or perform any actions?
  • If so, who should be responsible for that within an AWS account?
  • If so, it is as dangerous as using the root account; should I therefore manage all permissions and then delete this policy?
  • Are there more secure options?

There are 0 answers
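
Added example, not part of the original question: a small policy check that flags `Allow` statements granting `iam:CreateRole` or `iam:AttachRolePolicy` without the IAM condition keys that can constrain them (`iam:PermissionsBoundary`, `iam:PolicyARN`), run against the policy above and a bounded variant. The function name, the account ID `111122223333`, the `role/app/` path and the policy names `ExampleBoundary` and `ExampleAppPolicy` are assumptions made for illustration.

```python
import fnmatch

# IAM condition keys that can constrain each action.
GUARDS = {
    "iam:createrole": {"iam:permissionsboundary"},
    "iam:attachrolepolicy": {"iam:policyarn", "iam:permissionsboundary"},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unguarded_role_grants(policy):
    """Return (Sid, action) for each Allow that grants a role-management
    action without a guard key. Heuristic: checks key presence only."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM matches action names case-insensitively, with * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        cond_keys = {key.lower()
                     for block in stmt.get("Condition", {}).values()
                     for key in block}
        for action, guards in GUARDS.items():
            granted = any(fnmatch.fnmatchcase(action, p) for p in patterns)
            if granted and not (guards & cond_keys):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings

# The policy from the question.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1469200763880", "Effect": "Allow", "Resource": "*",
    "Action": ["iam:AttachRolePolicy", "iam:CreateRole"]}]}

# Constructed: placeholder account ID, role path and policy names.
ROLES = "arn:aws:iam::111122223333:role/app/*"
POLICIES = "arn:aws:iam::111122223333:policy/"
BOUNDED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CreateBounded", "Effect": "Allow", "Action": "iam:CreateRole",
     "Resource": ROLES, "Condition": {"StringEquals": {
         "iam:PermissionsBoundary": POLICIES + "ExampleBoundary"}}},
    {"Sid": "AttachAllowlisted", "Effect": "Allow",
     "Action": "iam:AttachRolePolicy", "Resource": ROLES,
     "Condition": {"ArnEquals": {
         "iam:PolicyARN": POLICIES + "ExampleAppPolicy"}}}]}

if __name__ == "__main__":
    print(unguarded_role_grants(PAGE_POLICY))     # both actions flagged
    print(unguarded_role_grants(BOUNDED_POLICY))  # []
```

The check only confirms that a guard key appears in the statement's `Condition`; whether the operator and value are tight enough still needs review, and `NotAction` statements are not evaluated.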