Added two dangerous policies to evaluate-iam-role.sh

2019-12-06 09:57:53 +01:00 · 2019-12-06 09:57:53 +01:00 · fb01387ed3
parent 7b10ba1c08
commit fb01387ed3
1 changed files with 2 additions and 1 deletions
--- a/clouds/aws/evaluate-iam-role.sh
+++ b/clouds/aws/evaluate-iam-role.sh
@ -32,7 +32,8 @@ known_potentially_dangerous_permissions=(
 )

 known_dangerous_permissions=(
-	"*:*"
+	"\*:\*"
+	"iam:\*"
 	"iam:CreatePolicyVersion"
 	"iam:SetDefaultPolicyVersion"
 	"iam:PassRole"