IAM User has Administrative Privileges

Tenacity Id: iam-user-011

Risk Level: 3

Categories:

Last Updated: April 21, 2022

An Identity and Access Management (IAM) user has full administrative privileges. If an attacker compromises such a user, the elevated permissions could be exploited to cause catastrophic damage. IAM user permissions should always be granted following the principle of least privilege. For common but complicated use cases, AWS managed policies can be leveraged to grant a narrow set of elevated access permissions to specific resources or functions. Full Administrator Access should be avoided unless absolutely necessary. IAM users with full administrative privileges should be audited and their permissions restricted to the minimum necessary to perform routine tasks.
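One way to run the audit described above, as an added example that is not Tenacity's own check: it lists users who receive an allow-all policy directly, through an attached managed policy, or through a group. It assumes the input has the shape of `aws iam get-account-authorization-details` output; the function names and sample account are constructed, and Conditions, explicit Denies, permissions boundaries and SCPs are not evaluated.

```python
# Added example, not Tenacity's code. Input mirrors the JSON printed by
# `aws iam get-account-authorization-details`; SAMPLE is constructed data.

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants_full_admin(document):
    """True if a statement allows action "*" on resource "*" (Conditions ignored)."""
    return any(s.get("Effect") == "Allow" and "*" in as_list(s.get("Action", []))
               and "*" in as_list(s.get("Resource", []))
               for s in as_list(document.get("Statement", [])))

def admin_sources(entity, inline_key, managed_docs):
    """Names of the entity's inline and attached policies that grant full admin."""
    hits = ["inline:" + p["PolicyName"] for p in entity.get(inline_key, [])
            if grants_full_admin(p["PolicyDocument"])]
    hits += ["managed:" + a["PolicyName"]
             for a in entity.get("AttachedManagedPolicies", [])
             if grants_full_admin(managed_docs.get(a["PolicyArn"], {}))]
    return hits

def find_admin_users(details):
    """Map each IAM user with full admin to the policies that grant it."""
    managed_docs = {p["Arn"]: v["Document"] for p in details.get("Policies", [])
                    for v in p["PolicyVersionList"] if v["IsDefaultVersion"]}
    groups = {g["GroupName"]: admin_sources(g, "GroupPolicyList", managed_docs)
              for g in details.get("GroupDetailList", [])}
    findings = {}
    for user in details.get("UserDetailList", []):
        hits = admin_sources(user, "UserPolicyList", managed_docs)
        hits += [f"group {name} {h}" for name in user.get("GroupList", [])
                 for h in groups.get(name, [])]
        if hits:
            findings[user["UserName"]] = hits
    return findings

ALLOW_ALL = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
S3_READ = {"Statement": {"Effect": "Allow", "Action": ["s3:Get*"], "Resource": "*"}}
ADMIN = {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
SAMPLE = {  # constructed account snapshot
    "Policies": [{"Arn": ADMIN["PolicyArn"], "PolicyVersionList": [
        {"IsDefaultVersion": True, "Document": ALLOW_ALL}]}],
    "GroupDetailList": [{"GroupName": "ops", "GroupPolicyList": [
        {"PolicyName": "everything", "PolicyDocument": ALLOW_ALL}]}],
    "UserDetailList": [
        {"UserName": "alice", "AttachedManagedPolicies": [ADMIN]},
        {"UserName": "bob", "UserPolicyList": [
            {"PolicyName": "s3-read", "PolicyDocument": S3_READ}]},
        {"UserName": "carol", "GroupList": ["ops"]}]}
```

Calling `find_admin_users(SAMPLE)` reports `alice` and `carol` but not `bob`, whose `s3:Get*` action contains a wildcard without being the bare `*`.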