CloudWiki
Rules
Critical

Resource with over permissive DynamoDB GetItem permissions (via IAM Group inline)

Description

This rule flags an AWS resource that reaches a DynamoDB table through an IAM group whose inline policy grants DynamoDB actions, such as GetItem, more broadly than the resource needs. The source of such an access path is typically an application, or a set of applications, that requires read access to the data stored in the table. The IAM group is usually created to grant that access to a specific team or set of users, and the inline policy defines the specific permissions needed to perform the DynamoDB actions on the table. Granting access through an IAM group with an inline policy lets access to the table be centrally managed and audited.

Remediation

The remediation steps for a resource that has access to a DynamoDB table would depend on the specific issue at hand. However, some general steps that can be taken to ensure secure and controlled access to DynamoDB tables are:

  1. Review the IAM policies associated with the resource to ensure that they follow the principle of least privilege. Only grant access to the specific resources and actions required and nothing more.
  2. Remove any overly permissive policies that allow access to all DynamoDB tables or resources.
  3. Ensure that access to the DynamoDB tables is only granted to trusted AWS accounts and IAM roles/groups.
  4. Consider implementing fine-grained access controls using IAM conditions, such as restricting access based on the IP address, time of day, or other contextual factors.
  5. Enable CloudTrail logging to monitor and audit access to the DynamoDB tables.
  6. Consider using encryption at rest and in transit for the DynamoDB tables.
  7. Implement regular security assessments and penetration testing to identify and address any security vulnerabilities in the system.
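To make steps 1, 2 and 4 concrete, here is an added example (not Lightlytics or CloudWiki code) that checks an IAM group inline policy document for the condition this rule describes: DynamoDB read actions such as GetItem allowed on a wildcard resource. The two policy documents, the account ID, table name and CIDR are constructed samples; the second shows the same grant scoped to one table ARN with an aws:SourceIp condition.

```python
import json
import fnmatch

# Constructed sample: an IAM group inline policy that allows dynamodb:GetItem
# on every table in the account, which is what this rule flags.
OVERLY_PERMISSIVE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem"],
    "Resource": "*"
  }]
}""")

# Constructed sample: the same grant scoped to a single table ARN, with an
# IAM condition on the caller's source IP as one contextual restriction.
LEAST_PRIVILEGE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem"],
    "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/Orders",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}
  }]
}""")

# DynamoDB read actions we care about (lower-cased; IAM action matching is case-insensitive).
DYNAMODB_READ = {"dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:query", "dynamodb:scan"}

def _as_list(v):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return v if isinstance(v, list) else [v]

def grants_dynamodb_read(action):
    """True if an Action entry covers a DynamoDB read, including wildcards like '*' or 'dynamodb:*'."""
    return any(fnmatch.fnmatchcase(a, action.lower()) for a in DYNAMODB_READ)

def find_over_permissive(policy):
    """Return Allow statements that grant DynamoDB reads on a wildcard Resource (e.g. '*' or 'table/*')."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":  # Deny statements never widen access
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if grants_dynamodb_read(a)]
        resources = [r for r in _as_list(stmt.get("Resource", [])) if "*" in r]
        if actions and resources:
            findings.append({"actions": actions, "resources": resources})
    return findings

if __name__ == "__main__":
    print(find_over_permissive(OVERLY_PERMISSIVE), find_over_permissive(LEAST_PRIVILEGE))
```

Statements written with NotAction or NotResource are not evaluated here and should be reviewed by hand.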
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.