The IAM role can be assumed by any service or principal Affecting IAM service in AWS

Snyk CCSS

IAM / Accounts Allocation

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls

Snyk ID SNYK-CC-00303
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Anyone will be allowed to assume the role, and perform actions granted in attached policies.

How to fix?

Set Principal in Properties.AssumeRolePolicyDocument attribute to specific service or account, e.g. Service: ec2.amazonaws.com.

CloudFormation

Terraform

References