Originally published at shieldly.io/blog.

After analyzing a lot of IAM policies, the same seven patterns show up again and again. Here is each one, why it is dangerous, and the fix.

1. Action: * on Resource: *

{

"Effect": "Allow",