diff --git a/clouds/aws/evaluate-iam-role.sh b/clouds/aws/evaluate-iam-role.sh
index 49fbd95..e83d48e 100755
--- a/clouds/aws/evaluate-iam-role.sh
+++ b/clouds/aws/evaluate-iam-role.sh
@@ -32,7 +32,8 @@ known_potentially_dangerous_permissions=(
 )
 
 known_dangerous_permissions=(
- "*:*"
+ "\*:\*"
+ "iam:\*"
 "iam:CreatePolicyVersion"
 "iam:SetDefaultPolicyVersion"
 "iam:PassRole"
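Review bot: The new entries `"\*:\*"` and `"iam:\*"` cover only those two exact wildcard spellings, so a policy that grants `"Action": "*"` (the form AWS's managed AdministratorAccess policy uses) or a partial wildcard such as `iam:Pass*` or `iam:*PolicyVersion` would presumably still pass this list unflagged. The backslashes are kept literally inside double quotes, so they are only correct if every consumer of `known_dangerous_permissions` treats entries as regular expressions; a literal comparison or `grep -F` would then never match. The matching code is outside the hunk, so both points should be confirmed there. I would add a comment above the array such as `# entries are regexes matched against policy actions; escape literal '*'`, and add handling for a bare `*` action and for wildcard actions that expand to a listed permission.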