RAM Policy No Admin Access
ID: rule:aliyun:ram-policy-no-statements-with-admin-access-check
Severity: high
IaC Types: ROS, Terraform
Description
Ensures custom RAM policies do not grant full AdministratorAccess.
Reason for Violation
Granting excessive permissions increases the impact of a compromised account.
Recommendation
Follow the principle of least privilege. Do not use '*' for both Action and Resource in the policy_document attribute.
Resource Types
- ROS: ALIYUN::RAM::ManagedPolicy
- Terraform: alicloud_ram_policy
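
The recommendation above, shown as an added Terraform example that is not part of the rule's own documentation: the first policy pairs '*' for Action with '*' for Resource in policy_document, and the second scopes both. The resource labels, policy names and the bucket name example-bucket are constructed placeholders.

```hcl
# Added example. Resource labels, policy names and the bucket name
# are constructed placeholders, not values from the rule page.

# Non-compliant: a single Allow statement with Action "*" and
# Resource "*" grants the same reach as AdministratorAccess.
resource "alicloud_ram_policy" "admin_equivalent" {
  policy_name = "example-ops-full-access"
  policy_document = jsonencode({
    Version = "1"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "*"
        Resource = "*"
      }
    ]
  })
}

# Compliant: actions and resources are limited to what the workload
# needs (here, read-only access to one OSS bucket and its objects).
resource "alicloud_ram_policy" "oss_read_only" {
  policy_name = "example-oss-read-only"
  policy_document = jsonencode({
    Version = "1"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "oss:GetObject",
          "oss:ListObjects",
        ]
        Resource = [
          "acs:oss:*:*:example-bucket",
          "acs:oss:*:*:example-bucket/*",
        ]
      }
    ]
  })
}
```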