When an IAM user is granted highly privileged policies, it creates a security risk. If an attacker compromises such a user, they can perform any action those policies allow, leading to unauthorized access, data exfiltration, and other malicious activity. It is therefore essential to ensure that IAM users are not granted excessive privileges.

Some examples of high-privilege policies that should be avoided are:

- AdministratorAccess or PowerUserAccess
- Policies that include * in the Resource or Action sections
- Policies that grant iam:* or iam:PassRole permissions

Note that iam:PassRole is dangerous in proportion to the roles it can pass: when its Resource is * (or lists privileged roles), the user can hand an administrator role to a service such as EC2 or Lambda that they control, which is a direct privilege-escalation path.

IAM users should be granted only the least privilege required to perform their intended actions. The principle of least privilege ensures that users can perform only the actions necessary for their job function and nothing more, which reduces the attack surface and limits what a compromised credential can do.

In addition to granting least privilege, enable MFA (Multi-Factor Authentication) for IAM users and rotate their credentials regularly. It is also good practice to monitor and audit IAM activity logs to detect suspicious activity.
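The following Python script is an added example, not code from the original page or from any AWS tool or SDK. It checks an IAM policy document against the three patterns listed above (Action or Resource set to *, actions covering iam:* or iam:PassRole) and also flags Allow statements written with NotAction, which is how PowerUserAccess grants almost everything; that last check goes slightly beyond the list in the text. The policy documents, bucket ARN and function names are constructed for illustration, and the same function can be run over the policies attached to each user as part of the periodic review the text recommends.

```python
"""Flag IAM policy documents that grant the high-privilege patterns named above.

Added example: the policy documents, ARNs and function names below are
constructed for illustration and are not part of any AWS tool or SDK.
"""
import fnmatch
import json

# AWS managed policies the text singles out as granting near-unrestricted access.
ADMIN_MANAGED_POLICY_ARNS = {
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/PowerUserAccess",
}

# IAM actions that let a principal grant itself (or a service it controls) more
# rights: iam:* covers every IAM API, and iam:PassRole lets the principal hand a
# role, possibly an admin role, to a service such as EC2 or Lambda.
DANGEROUS_IAM_ACTIONS = ("iam:*", "iam:PassRole")


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_covers(granted, target):
    """True if the granted action pattern matches the target action.

    IAM action matching is case-insensitive and supports '*' and '?' wildcards,
    which fnmatch implements once both sides are lower-cased.
    """
    return fnmatch.fnmatchcase(target.lower(), granted.lower())


def find_high_privilege_statements(policy_document):
    """Return a list of (statement_index, reason) for every Allow statement that
    matches one of the risky patterns. An empty list means no finding.
    Deny statements are skipped: a '*' in a Deny restricts rather than grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "*" in actions:
            findings.append((idx, "Action '*' allows every API call"))
        if "*" in resources:
            findings.append((idx, "Resource '*' applies to every resource"))
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            # (this is how the PowerUserAccess managed policy is written).
            findings.append((idx, "NotAction allow grants everything not listed"))

        for granted in actions:
            if granted == "*":
                continue  # already reported above
            covered = [t for t in DANGEROUS_IAM_ACTIONS if _action_covers(granted, t)]
            if covered:
                findings.append((idx, f"Action '{granted}' grants {', '.join(covered)}"))
    return findings


def is_high_privilege_managed_policy(policy_arn):
    """True for the AWS managed policies that should not be attached to users."""
    return policy_arn in ADMIN_MANAGED_POLICY_ARNS


# Constructed sample: an over-privileged inline policy of the kind the text warns about.
OVERPRIVILEGED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}
  ]
}
""")

# Constructed sample: the least-privilege shape for a user who only reads one bucket.
LEAST_PRIVILEGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
""")


if __name__ == "__main__":
    for name, doc in (("overprivileged", OVERPRIVILEGED_POLICY),
                      ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, find_high_privilege_statements(doc))
```

In a real review you would feed this function the documents returned for each user's inline and attached policies and treat any non-empty result, or any attached ARN for which is_high_privilege_managed_policy() is true, as a finding to remediate. The wildcard check deliberately uses pattern matching rather than string equality so that a granted "iam:Pass*" or "IAM:*" is caught as well as the literal spellings.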
If an IAM user has been granted highly privileged policies, follow the steps below to remediate the issue:
Regular monitoring of IAM user policies and access is also essential to ensure that IAM users retain only the access and privileges they require, since permissions tend to accumulate over time. Applying the principle of least privilege, granting users only the minimum access needed for their job functions, remains the core control.