Loading controls...
Control: IAM roles should not have read only access for external AWS accounts
Description
Ensure IAM Roles do not have ReadOnlyAccess access for external AWS account. The AWS-managed ReadOnlyAccess policy carries a high risk of potential data leakage, posing a significant threat to customer security and privacy.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_role_cross_account_read_only_access_policySnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_role_cross_account_read_only_access_policy --shareSQL
This control uses a named query:
iam_role_cross_account_read_only_access_policy