Possible new rule for Tfsec

[jdsmithit]

Looking briefly at Tfsec I have noticed it allows you to assign 'resources = ["*"]' in the statement block, How does everyone feel about this being flagged as a security issue? I believe this goes against the principle of least privilege and assigning to more resources than should be needed?

[liamg]

This is now a rule 👍 See https://aquasecurity.github.io/tfsec/v0.61.3/checks/aws/iam/no-policy-wildcards/