UPD: Added actions to high_risk_actions set

2025-09-18 09:37:48 +08:00
parent 4d29313b0d
commit dd3b364013
1 changed files with 5 additions and 1 deletions
@@ -338,7 +338,11 @@ printTitle(3, f"Roles to be examined: {len(confirmed_roles)}")
 # predefined actions which should not be granted
 high_risk_actions = {
    "*",
-    "iam:*"
+    "iam:*",
+    "iam:CreateUser",
+    "iam:AttachUserPolicy",
+    "iam:CreateRole",
+    "iam:AttachRolePolicy"
 }

 # Check inline policies for each role