AWS IAM Policies must not grant assume role permission across all services

Tenacity Id

Risk Level

Categories

iam-role-003

Last Updated:

April 21, 2022

Typically, you use AssumeRole within your account for for cross-account access. In order to follow least privilege principle, it recommended NOT to use AssumeRole across ALL the accounts.