
RAM Policy No Admin Access

ID: rule:aliyun:ram-policy-no-statements-with-admin-access-check
Severity: high

Description

Ensures custom RAM policies do not grant full AdministratorAccess.

Reason for Violation

Granting excessive permissions increases the impact of a compromised account.

Recommendation

Follow the principle of least privilege. Do not use '*' for both Action and Resource in the same statement.
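
The check described above can be reproduced against a policy document before it is deployed. The following is an added example, not this rule's own implementation; the function names and the sample policies are constructed for illustration, and it flags only the literal '*' named in the recommendation.

```python
import json


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def admin_statements(policy_document):
    """Return indexes of Allow statements with '*' in both Action and Resource."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # tolerate a single statement object
        statements = [statements]
    hits = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement does not grant access
        # Service-scoped wildcards such as "oss:*" are not flagged here.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(index)
    return hits


# Constructed sample: statement 1 grants full administrator access.
ADMIN_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": ["oss:GetObject"],
         "Resource": "acs:oss:*:*:example-bucket/*"},
        {"Effect": "Allow", "Action": ["*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
}

# Constructed sample: wildcard action, but the resource is scoped.
SCOPED_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "*",
         "Resource": "acs:oss:*:*:example-bucket/*"},
    ],
}

if __name__ == "__main__":
    print("violating statements:", admin_statements(ADMIN_POLICY))
```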

Resource Types

  • ALIYUN::RAM::ManagedPolicy