MCPSafe.io
© 2026 MCPSafe. All rights reserved.


Configuration & Environment

IAM wildcard policy

HIGH | CWE: CWE-250 | Rule: MCP-203

IAM policies granting wildcard actions ('*' or 'svc:*') violate least-privilege and allow unintended access to AWS services, enabling privilege escalation and data exfiltration.

What it is

Wildcard IAM actions in inline or managed policies grant the principal permission to call every API action on a service or across all AWS services. A single compromised MCP handler or tool invocation can then perform any operation—delete buckets, exfiltrate secrets, create admin users—far beyond what the handler legitimately needs.

Why it matters for MCP

MCP servers are invoked by AI agents and external clients with minimal human oversight per call. If the server's execution role carries wildcard IAM permissions, a prompt-injection attack, a confused-deputy exploit, or a malicious tool call can silently abuse the full AWS permission set. The blast radius of any compromise is unbounded, making least-privilege enforcement critical in agentic pipelines.

Vulnerable example

example.js
const policy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: "*",           // grants ALL AWS actions
    Resource: "arn:aws:s3:::my-bucket/*"
  }]
};

Secure example

example.js
const policy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["s3:GetObject", "s3:ListBucket"],
    Resource: [
      "arn:aws:s3:::my-bucket",
      "arn:aws:s3:::my-bucket/*"
    ]
  }]
};

How MCPSafe detects this

Scan all IAM policy documents (inline and attached) for Statement entries where Action equals the string '*', is an array containing '*', or matches the pattern '<service>:*'. Flag any such entry as a violation. Additionally check Resource for '*' paired with broad actions. Integrate checks into CI/CD using tools such as cfn-nag, checkov, or aws-iam-access-analyzer before deployment.
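
One way to implement the check described above, as an added example rather than MCPSafe's own scanner code. The function name findWildcardStatements, the finding shape and the sample policy are illustrative assumptions, and skipping Deny statements is an assumption the page does not state.

```javascript
// Added example: flags wildcard grants in an IAM policy document.
// findWildcardStatements and the finding shape are hypothetical names.

// IAM allows Statement, Action and Resource to be a single value or an array.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Matches '*' (every action) or '<service>:*' (every action of one service).
const isWildcardAction = (a) =>
  typeof a === "string" && /^(\*|[A-Za-z0-9-]+:\*)$/.test(a);

function findWildcardStatements(policy) {
  const findings = [];
  toArray(policy.Statement).forEach((stmt, index) => {
    // Assumption: only Allow statements grant access, so Deny is skipped.
    if (stmt.Effect !== "Allow") return;
    const wildcardActions = toArray(stmt.Action).filter(isWildcardAction);
    if (wildcardActions.length === 0) return;
    findings.push({
      index,
      actions: wildcardActions,
      // Resource '*' paired with a broad action is reported separately.
      wildcardResource: toArray(stmt.Resource).includes("*"),
    });
  });
  return findings;
}

// Constructed sample policy covering each form the rule names.
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "*", Resource: "arn:aws:s3:::my-bucket/*" },
    { Effect: "Allow", Action: ["s3:GetObject", "s3:*"], Resource: "*" },
    { Effect: "Allow", Action: ["s3:GetObject", "s3:ListBucket"],
      Resource: "arn:aws:s3:::my-bucket" },
    { Effect: "Deny", Action: "*", Resource: "*" },
  ],
};

for (const f of findWildcardStatements(samplePolicy)) {
  console.log(
    `Statement[${f.index}]: wildcard action(s) ${f.actions.join(", ")}` +
      (f.wildcardResource ? " on Resource '*'" : "")
  );
}
```

Partial wildcards such as s3:Get* fall outside the three forms the rule names and are not flagged by this sketch.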

See the full threat catalog for every documented detection.

Further reading

  • AWS IAM: Grant Least Privilege
  • CWE-250: Execution with Unnecessary Privileges
  • AWS IAM Access Analyzer Policy Validation
  • Checkov: IAM Wildcard Check (CKV_AWS_49)
  • OWASP: Principle of Least Privilege
