Using the AWS CLI, manually check if any IAM policies allow full administrative privileges on the account

Details

Center for Internet Security (CIS) Recommendation 1.24 is to Ensure IAM policies that allow full “:” administrative privileges are not created. https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf#page=69

This is a check that must be performed manually as there are either no appropriate API calls or it may require an account-specific judgement call.