
Hello,
In regards to this CSPM finding:
“Establish an access control system(s) : IAM Policies with Effect as Allow and Action with sts:AssumeRole for CrossAccountArn”

which is being flagged for AWSControlTowerExecution. Based on some research I have done, the issue is because these roles have excessive permissions; however, these are default roles created by Control Tower, so how can we work this finding out to remediate it? Or is this a false positive, as I'm being advised, because Control Tower has a principal in it that limits who can use the role?
However, I wanted to bring it to the community to see if someone has a better understanding of this and can help me understand if it is in fact a FP or how this can be remediated effectively.
