CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
AWS IAM delegated administrators can create IAM entities but must enforce permission boundaries to prevent privilege escalation. Omitting the iam:PermissionsBoundary condition poses a risk of privilege escalation.
Update the IAM policy of the aws_iam_role or aws_iam_user to ensure the proper Condition exists for the delegated administrator.
Example configuration:

```hcl
resource "aws_iam_user" "valid-user-1" {
  name                 = "valid-user-1"
  permissions_boundary = aws_iam_policy.policy1.arn
  # other required fields here
}

resource "aws_iam_policy" "policy1" {
  name   = "policy1"
  path   = "/"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["iam:Create*"]
        Effect   = "Allow"
        Resource = "*"
        Condition = {
          "StringEquals" = {
            "iam:PermissionsBoundary" = "<iam-policy-arn>"
          }
        }
      },
    ]
  })
}
```
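As an added check that is not part of the original page or of any scanner's own code, the following Python approximates this rule over an IAM policy document: it flags every Allow statement that grants iam:Create* (directly or through a wildcard) without an iam:PermissionsBoundary condition. The sample policy is constructed, and the fnmatch-based wildcard matching is an assumption that simplifies IAM's real action-matching semantics.

```python
"""Flag IAM policy statements that allow iam:Create* without requiring a
permissions boundary. Wildcard handling uses fnmatch as a simplification."""
import fnmatch
import json

CREATE_PATTERN = "iam:create*"          # actions the rule is concerned with
BOUNDARY_KEY = "iam:permissionsboundary"  # condition key that must be present


def _as_list(value):
    """IAM allows Statement/Action values to be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_create(action):
    """True if the action pattern covers at least one iam:Create* action.
    Either side may carry a wildcard: '*', 'iam:*', 'iam:C*', 'iam:CreateRole'."""
    action = action.lower()
    return (fnmatch.fnmatchcase(action, CREATE_PATTERN)
            or fnmatch.fnmatchcase(CREATE_PATTERN, action))


def _has_boundary_condition(statement):
    """True if a non-negated condition operator references iam:PermissionsBoundary."""
    for operator, pairs in (statement.get("Condition") or {}).items():
        if "not" in operator.lower():       # StringNotEquals etc. do not enforce a boundary
            continue
        if any(key.lower() == BOUNDARY_KEY for key in pairs):
            return True
    return False


def find_unbounded_create_statements(policy_document):
    """Return indexes of Allow statements granting iam:Create* with no
    iam:PermissionsBoundary condition. Accepts a JSON string or a dict."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if any(_grants_create(a) for a in _as_list(stmt.get("Action"))) \
                and not _has_boundary_condition(stmt):
            findings.append(idx)
    return findings


# Constructed sample: statement 0 mirrors the page's remediation, statement 1
# is the same grant with the condition omitted, statement 2 is a Deny.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["iam:Create*"], "Effect": "Allow", "Resource": "*",
     "Condition": {"StringEquals": {"iam:PermissionsBoundary": "<iam-policy-arn>"}}},
    {"Action": "iam:CreateRole", "Effect": "Allow", "Resource": "*"},
    {"Action": "iam:*", "Effect": "Deny", "Resource": "*"}]}

if __name__ == "__main__":
    print(find_unbounded_create_statements(SAMPLE_POLICY))  # [1]
```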