The permissions granted to a role should be kept to the minimum required to be able to do the task. Wildcard permissions must not be used.
Impact
Open permissions for subscriptions could result in an easily compromisable account
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Use targeted permissions for roles
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
data"azurerm_subscription" "primary" {
}
resource"azurerm_role_definition" "example" {
name="my-custom-role" scope=data.azurerm_subscription.primary.id description="This is a custom role created via Terraform"permissions {
actions=["*"] not_actions=[]
}
assignable_scopes=[data.azurerm_subscription.primary.id,]
}