Result #2 HIGH IAM policy document uses sensitive action 'ec2:AttachNetworkInterface' on wildcarded resource '*'
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
.terraform/modules/nat_instance/main.tf Line 199
───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
194 │ {
195 │ "Effect": "Allow",
196 │ "Action": [
197 │ "ec2:AttachNetworkInterface"
198 │ ],
199 │ "Resource": "*"
200 │ }
───────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
ID aws-iam-no-policy-wildcards
Impact Overly permissive policies may grant access to sensitive resources
Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
More Information
- https://aquasecurity.github.io/tfsec/v1.8.0/checks/aws/iam/no-policy-wildcards/
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Hi! Another tfsec warning.
It can probably be solved by adding a condition to the policy (as per the ASG tag here) like