← all rules
iac/iam/iam-aws-wildcard-action
AWS IAM policy grants wildcard action (*)
highCloud IAMiac-iam
What it detects
An IAM statement with `"Action": "*"` grants every AWS API call. Combined with any Allow effect this is effectively administrator access and violates least privilege — a compromise of the principal becomes a compromise of the account.
Remediation
Enumerate the specific actions the principal needs (e.g. `"s3:GetObject"`) instead of `"*"`.
How it runs
Run against JSON/YAML/source files. AWS IAM rules require a policy-document context (Statement + Effect); GCP primitive roles are matched anywhere. HCL is left to the Terraform layer.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.