nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0

Unintentional Admin Query #101

Closed ncc-erik-steringer closed 2 years ago

ncc-erik-steringer commented 2 years ago

PMapper assumes that all users who can modify their own permissions are supposed to be admin users in the account. However, this might not be helpful for devs that add a couple of IAM permissions to a principal but didn't intend to grant AdministratorAccess equivalents.

The best example would be IAMFullAccess, which might be tossed onto a user thinking it necessary to handle iam:PassRole issues.

We should add a preset query (and maybe a finding) that detects:

  1. When a principal is an admin
  2. When a principal does not have the AdministratorAccess managed policy or an equivalent policy attached to them.
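One way the proposed query could be expressed, as an added example that is not PMapper's own code: the `is_admin` flag is assumed to come from the existing privilege analysis, policies are plain IAM JSON dicts, and a policy counts as AdministratorAccess-equivalent only if it allows Action `*` on Resource `*` with no Condition and no Deny statement (all of these are assumptions for the example).

```python
from typing import List

# Constructed sample policy documents, simplified to the parts the check reads.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
IAM_FULL_ACCESS_LIKE = {  # iam:* lets the principal grant itself anything
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}],
}
MFA_GATED_ADMIN = {  # full access, but only under a condition
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*",
                   "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_admin_equivalent(policy: dict) -> bool:
    """True if the policy unconditionally allows Action * on Resource *.
    A Deny statement could carve exceptions out, so any Deny makes the
    policy count as not equivalent (conservative: the principal gets flagged)."""
    statements = _as_list(policy.get("Statement", []))
    if any(s.get("Effect") == "Deny" for s in statements):
        return False
    for s in statements:
        if s.get("Effect") != "Allow" or "Condition" in s or "NotAction" in s:
            continue
        actions = {str(a) for a in _as_list(s.get("Action", []))}
        resources = {str(r) for r in _as_list(s.get("Resource", []))}
        if "*" in actions and "*" in resources:
            return True
    return False

def unintentional_admins(principals: List[dict]) -> List[str]:
    """ARNs of principals flagged admin by privilege analysis (assumed to be
    precomputed, e.g. by PMapper) that carry no AdministratorAccess-equivalent
    policy. Each principal is {"arn": str, "is_admin": bool, "policies": [dict]}."""
    return [p["arn"] for p in principals
            if p["is_admin"] and not any(is_admin_equivalent(d) for d in p["policies"])]

def sample_principals() -> List[dict]:
    # Constructed account data; the admin flags mirror what self-modification implies.
    acct = "arn:aws:iam::123456789012"
    return [
        {"arn": f"{acct}:user/dev-with-iam-full", "is_admin": True, "policies": [IAM_FULL_ACCESS_LIKE]},
        {"arn": f"{acct}:role/platform-admin", "is_admin": True, "policies": [ADMINISTRATOR_ACCESS]},
        {"arn": f"{acct}:role/mfa-admin", "is_admin": True, "policies": [MFA_GATED_ADMIN]},
        {"arn": f"{acct}:user/read-only", "is_admin": False, "policies": []},
    ]
```

Running `unintentional_admins(sample_principals())` reports the IAMFullAccess-style user and the MFA-gated role, but not the role that holds a real AdministratorAccess-equivalent policy.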

ncc-erik-steringer commented 2 years ago

Done in 84d0945

ncc-erik-steringer commented 2 years ago

Finished with v1.1.5.