Control: IAM policy should not grant full access to cloudtrail service
Description
CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular. This control is non-compliant if the managed IAM policy allows full access to cloudtrail service.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_cloudtrailSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_policy_no_full_access_to_cloudtrail --shareSQL
This control uses a named query:
iam_policy_no_full_access_to_cloudtrail