Risk Level: Critical
Cloud Entity: IAM Policy
CloudGuard Rule ID: D9.AWS.IAM.70
Category: Security, Identity, & Compliance
IamPolicy where name='AWSSupportServiceRolePolicy' should not have versionId='v20' or defaultVersionId='v20'
The 'AWSSupportServiceRolePolicy' policy is linked to a service and used only with a service-linked role for that service. You cannot attach, detach, modify, or delete this policy.
'AWSServiceRoleForSupport' is a unique and mandatory service-linked IAM role, which trusts the support.amazonaws.com service to assume the role.
You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents.
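The rule above can be evaluated offline against saved IAM API output. The following is an added example, not CloudGuard's own implementation: it assumes the JSON shapes returned by `aws iam get-policy` and `aws iam list-policy-versions`, maps the rule's `versionId` to the entries of the version list, and uses constructed sample responses.

```python
import json

POLICY_NAME = "AWSSupportServiceRolePolicy"
FLAGGED_VERSION = "v20"  # version named in the rule

# Constructed sample data shaped like `aws iam get-policy` output.
SAMPLE_POLICY_FLAGGED = json.loads("""
{"Policy": {"PolicyName": "AWSSupportServiceRolePolicy",
            "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy",
            "DefaultVersionId": "v20", "AttachmentCount": 1}}
""")
# Constructed sample data shaped like `aws iam list-policy-versions` output.
SAMPLE_VERSIONS_FLAGGED = json.loads("""
{"Versions": [{"VersionId": "v20", "IsDefaultVersion": true},
              {"VersionId": "v19", "IsDefaultVersion": false}]}
""")
SAMPLE_POLICY_CLEAN = json.loads("""
{"Policy": {"PolicyName": "AWSSupportServiceRolePolicy",
            "DefaultVersionId": "v21", "AttachmentCount": 1}}
""")
SAMPLE_VERSIONS_CLEAN = json.loads("""
{"Versions": [{"VersionId": "v21", "IsDefaultVersion": true}]}
""")


def evaluate(get_policy, list_versions):
    """Return a list of findings; an empty list means the rule passes."""
    policy = get_policy.get("Policy", {})
    if policy.get("PolicyName") != POLICY_NAME:
        return []  # the rule only targets this one managed policy
    findings = []
    if policy.get("DefaultVersionId") == FLAGGED_VERSION:
        findings.append(f"defaultVersionId is {FLAGGED_VERSION}")
    for version in list_versions.get("Versions", []):
        if version.get("VersionId") == FLAGGED_VERSION:
            state = "default" if version.get("IsDefaultVersion") else "non-default"
            findings.append(f"versionId {FLAGGED_VERSION} present ({state})")
    return findings


if __name__ == "__main__":
    for name, pol, vers in (("flagged", SAMPLE_POLICY_FLAGGED, SAMPLE_VERSIONS_FLAGGED),
                            ("clean", SAMPLE_POLICY_CLEAN, SAMPLE_VERSIONS_CLEAN)):
        result = evaluate(pol, vers)
        print(name, "FAIL" if result else "PASS", result)
```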
- AWS CloudGuard Best Practices
- AWS CloudGuard S3 Bucket Security
- AWS LGPD regulation
- AWS MITRE ATT&CK Framework v11.3
Updated 6 months ago