Control: IAM roles should not have any assume role policies attached
Description
Role assume policies can provide access to roles in external AWS accounts.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_policy_custom_no_assume_roleSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_policy_custom_no_assume_role --shareSQL
This control uses a named query:
iam_policy_custom_no_assume_role