Feature request: flag use of deprecated Amazon-managed permission policies
rdegraaf opened this issue
Rennie deGraaf commented
Is your feature request related to a problem? Please describe.
AWS has deprecated a number of its more broken pre-written permission policies, including the following:
arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
arn:aws:iam::aws:policy/service-role/AWSConfigRole
I have not found a full list of deprecated permission policies but expect that there are more. The behaviour of deprecated permission policies is documented here.
Trend Micro has the issue documented here.
Describe the solution you'd like
ScoutSuite should flag any principals that have a deprecated permission policy attached.
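As an added illustration of the requested check (this is not ScoutSuite's code and not part of the issue), the following script runs the detection over a constructed IAM snapshot shaped like what a scanner collects from the list-attached-*-policies calls. The deprecated-ARN set contains only the two policies named above; the principal names, the snapshot layout and the finding format are assumptions for the example. It flags users, groups and roles with a deprecated policy attached directly, and also users that inherit one through group membership, since that is how the permission actually reaches the principal.

```python
"""Added example (not ScoutSuite's code): flag IAM principals that have a
deprecated AWS-managed policy attached, directly or via group membership."""
from typing import Dict, List

# Deprecated AWS-managed policy ARNs named in the issue; extend as more are confirmed.
DEPRECATED_POLICY_ARNS = {
    "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess",
    "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
}

# Constructed IAM snapshot (assumed layout): principal name -> attached managed
# policy ARNs, plus group memberships for users. Not real account data.
SAMPLE_SNAPSHOT: Dict[str, Dict[str, dict]] = {
    "users": {
        "alice": {"attached": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                  "groups": ["pipeline-admins"]},
        "bob": {"attached": ["arn:aws:iam::aws:policy/AWSCodePipelineFullAccess"],
                "groups": []},
        "carol": {"attached": [], "groups": []},
    },
    "groups": {
        "pipeline-admins": {
            "attached": ["arn:aws:iam::aws:policy/AWSCodePipelineFullAccess"]},
    },
    "roles": {
        "config-role": {
            "attached": ["arn:aws:iam::aws:policy/service-role/AWSConfigRole"]},
        "app-role": {
            "attached": ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]},
    },
}


def find_deprecated_attachments(snapshot: dict,
                                deprecated=DEPRECATED_POLICY_ARNS) -> List[dict]:
    """Return one finding per (principal, deprecated policy, attachment path)."""
    findings: List[dict] = []
    groups = snapshot.get("groups", {})

    def direct(kind: str, name: str, arns: List[str]) -> None:
        # Policies attached straight to the principal.
        for arn in arns:
            if arn in deprecated:
                findings.append({"principal": f"{kind}/{name}",
                                 "policy": arn, "via": "direct"})

    for name, grp in groups.items():
        direct("group", name, grp.get("attached", []))

    for name, user in snapshot.get("users", {}).items():
        direct("user", name, user.get("attached", []))
        # A user inherits every managed policy attached to its groups.
        for g in user.get("groups", []):
            for arn in groups.get(g, {}).get("attached", []):
                if arn in deprecated:
                    findings.append({"principal": f"user/{name}",
                                     "policy": arn, "via": f"group/{g}"})

    for name, role in snapshot.get("roles", {}).items():
        direct("role", name, role.get("attached", []))

    # Stable ordering makes the report diff-friendly between scans.
    return sorted(findings, key=lambda f: (f["principal"], f["policy"], f["via"]))


def flagged_principals(snapshot: dict) -> List[str]:
    """Distinct principals that would receive a finding, in sorted order."""
    return sorted({f["principal"] for f in find_deprecated_attachments(snapshot)})


if __name__ == "__main__":
    for finding in find_deprecated_attachments(SAMPLE_SNAPSHOT):
        print(f"{finding['principal']}: deprecated policy {finding['policy']} "
              f"attached via {finding['via']}")
```

In a real scan the snapshot would be populated from the IAM API rather than a literal, and the deprecated set would need to be maintained as AWS retires further policies; the inheritance step matters because a user with no directly attached deprecated policy (alice here) still carries the deprecated permissions through her group.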