hello,
in reagrds to this CSPM findings
“Establish an access control system(s) : IAM Policies with Effect as Allow and Action with sts:AssumeRole for CrossAccountArn”
which is being flag for AWSControlTowerExecution, based on some research i have dont the issue is bc this roles have an excessive permissions, however this are default roles created by controltower, hence how can we work this finding out to remediate ? or is this a false positive as im being advice bc control tower has a principal in it limits who can use the role.
however I wanted to bring it to the community to see if some has a better understanding of this and can help me understand if it is in fact a FP or how can this be remediated effectible?
Login to the community
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account
Login with SSO
Employee Partneror
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.