RAM User Role No Product Admin Access

ID: rule:aliyun:ram-user-role-no-product-admin-access
Severity: high
IaC Types: ROS, Terraform

Description

Ensures RAM role policy attachments do not grant product administrative permissions.

Reason for Violation

Custom roles with admin permissions increase security risks.

Recommendation

Remove FullAccess policies from alicloud_ram_role_policy_attachment and use least privilege alternatives.
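
The recommendation as a before and after in Terraform. This is an added example, not taken from the rule's own documentation. The role, bucket and policy names are hypothetical, AliyunOSSFullAccess stands in for any product FullAccess policy, and the attribute names assume the alicloud provider (some are renamed in newer provider versions).

```hcl
# Constructed example: role, bucket and policy names are hypothetical.
resource "alicloud_ram_role" "app" {
  name = "app-report-reader"
  document = jsonencode({
    Version = "1"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = ["ecs.aliyuncs.com"] }
    }]
  })
}

# Before: attaches a product FullAccess policy to the role.
# This is the kind of attachment the recommendation says to remove.
resource "alicloud_ram_role_policy_attachment" "oss_full" {
  role_name   = alicloud_ram_role.app.name
  policy_name = "AliyunOSSFullAccess"
  policy_type = "System"
}

# After: a custom policy limited to the actions and the bucket the
# workload needs (read-only access to one bucket in this example).
resource "alicloud_ram_policy" "read_reports" {
  policy_name = "app-read-reports"
  policy_document = jsonencode({
    Version = "1"
    Statement = [{
      Effect = "Allow"
      Action = ["oss:GetObject", "oss:ListObjects"]
      Resource = [
        "acs:oss:*:*:example-reports-bucket",
        "acs:oss:*:*:example-reports-bucket/*",
      ]
    }]
  })
}

resource "alicloud_ram_role_policy_attachment" "oss_read_reports" {
  role_name   = alicloud_ram_role.app.name
  policy_name = alicloud_ram_policy.read_reports.policy_name
  policy_type = "Custom"
}
```

Delete the `oss_full` attachment once the scoped attachment is in place; keeping both leaves the role with the broader permissions.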

Resource Types

  • ROS: ALIYUN::RAM::Role
  • Terraform: alicloud_ram_role_policy_attachment