IAM User Has Risky Permissions
Overview
Risky permissions are individual IAM permissions that carry a higher security risk because of their potential for abuse, or combinations of permissions (possibly spread across different IAM policies attached to the same principal) that together enable abuse or privilege escalation.
Some examples include:
- A role or user with full administrative permissions (Action "*" on Resource "*", i.e. all actions on all resources)
- A role or user that holds iam:PassRole, which lets it attach a role to a resource such as a Lambda function or EC2 instance, together with the ability to create and run that instance or function (for example ec2:RunInstances, or lambda:CreateFunction with lambda:InvokeFunction). If PassRole is not restricted to specific roles, the user can launch a resource with a role more privileged than their own and then use that resource to execute commands they are not allowed to run directly.
- The iam:CreateAccessKey permission on other users, which lets the current user create (and then use) an access key for a user with more permissions than they have.
We are constantly updating the list of risky permissions. Some of these combinations have legitimate uses, but all of them are potential paths for internal users or external attackers to escalate privileges.
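The following is an added example, not part of this rule's definition or the product's own evaluator: a minimal Python checker for the three patterns listed above, run over constructed sample policy documents (the account ID 123456789012 and all policy contents are placeholders). It merges Allow statements from every policy attached to one user, because a risky combination can be split across policies, and it ignores Deny statements, conditions and permission boundaries, so it over-approximates: a finding means "review this", not "confirmed escalation".

```python
"""Added example: evaluate IAM policy documents for the risky permission
combinations described above. Constructed sample data; not the product's code."""
import fnmatch


def _as_list(value):
    """IAM allows Statement, Action and Resource to be a single string/object or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allow_grants(policies):
    """Collect {action_pattern (lower-cased): set(resource_patterns)} from the
    Allow statements of every policy attached to the principal, so that a
    combination split across several policies is still seen as one grant set."""
    grants = {}
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                grants.setdefault(action.lower(), set()).update(_as_list(stmt.get("Resource")))
    return grants


def resources_for(grants, action):
    """Resources on which `action` is allowed. IAM action matching is
    case-insensitive and supports '*' and '?' wildcards (e.g. 'iam:*', 'ec2:Run*')."""
    resources = set()
    for pattern, res in grants.items():
        if fnmatch.fnmatchcase(action.lower(), pattern):
            resources |= res
    return resources


def risky_permissions(policies):
    """Return a sorted list of finding names for the given policy documents."""
    grants = allow_grants(policies)
    findings = set()

    # 1. Full administrative access: Action "*" on Resource "*". Every other
    #    finding is implied by this one, so report it alone.
    if "*" in grants.get("*", set()):
        return ["FullAdminAccess"]

    # 2. PassRole combined with the ability to create and run compute that
    #    assumes the passed role. Unrestricted PassRole (Resource "*") is worst.
    pass_role = resources_for(grants, "iam:PassRole")
    if pass_role:
        scope = "AnyRole" if "*" in pass_role else "ScopedRole"
        if resources_for(grants, "ec2:RunInstances"):
            findings.add(f"PassRole+RunInstances({scope})")
        if resources_for(grants, "lambda:CreateFunction") and resources_for(grants, "lambda:InvokeFunction"):
            findings.add(f"PassRole+LambdaCreateInvoke({scope})")

    # 3. CreateAccessKey on anyone but the caller. A resource ARN that uses the
    #    ${aws:username} policy variable is treated as self-scoped and allowed.
    key_targets = resources_for(grants, "iam:CreateAccessKey")
    if any("${aws:username}" not in r for r in key_targets):
        findings.add("CreateAccessKeyOnOtherUsers")

    return sorted(findings)


# Constructed samples (placeholder account 123456789012). Two policies attached to
# one developer: neither is alarming alone, together they form the PassRole path.
SAMPLE_DEVELOPER_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:RunInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:CreateAccessKey",
         "Resource": "arn:aws:iam::123456789012:user/${aws:username}"},
    ]},
    {"Version": "2012-10-17",
     "Statement": {"Effect": "Allow", "Action": "iam:passrole", "Resource": "*"}},
]
SAMPLE_ADMIN_POLICY = [{"Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}]
SAMPLE_HELPDESK_POLICIES = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:ListUsers", "iam:CreateAccessKey"],
     "Resource": "arn:aws:iam::123456789012:user/*"}]}]
SAMPLE_READONLY_POLICY = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}]

if __name__ == "__main__":
    for name, pols in [("developer", SAMPLE_DEVELOPER_POLICIES), ("admin", SAMPLE_ADMIN_POLICY),
                       ("helpdesk", SAMPLE_HELPDESK_POLICIES), ("readonly", SAMPLE_READONLY_POLICY)]:
        print(f"{name}: {risky_permissions(pols)}")
```

Note the lower-casing and fnmatch step: a policy that grants iam:* or ec2:Run* is caught the same way as one that names the action literally, which is how these combinations usually hide in real accounts.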
Vendor
AWS
Cloud Service
IAM
Input
{"whitelistedGroups":{"label":"Whitelisted Groups","helpText":"Names of IAM user groups to exclude from risky permission evaluations.","value":[],"type":"string[]"}}
Severity
4
Item Types
AWS::IAM::User