Wildcard principal has been specified in access policy Affecting ElasticSearch service in AWS

Snyk CCSS

IAM / Accounts Allocation

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CSA-CCM ISO-27001 SOC-2

Snyk ID SNYK-CC-00220
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Using wild card will grant unnecessary access to any user in the account.

How to fix?

Set Principal attribute in the policy to specific entities for example arn:aws:iam::123456789012:user/JohnDoe.

CloudFormation

aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies

Terraform

elasticsearch_domain_policy

References

best-practices.html#grant-least-privilege