search
LinkedInGitHubYouTube

Identity Access Management (IAM)

Abusable AWS IAM permissions that can lead to compromise or privilege escalation

hashtag
iam:CreateAccessKey

  • With access to these permissions, an attacker can create a set of IAM Access Keys, enabling them to maintain persistent access to a user.

aws iam create-access-key --user-name <userName>

hashtag
iam:CreatePolicyVersion and iam:SetDefaultPolicyVersion

  • With access to these permissions, an attacker can create and enable a new IAM permissions policy, escalating their privileges.

aws iam create-policy-version --policy-arn arn:aws:iam::<accountId>:policy/<policyName> --policy-document file://<policyName>.json --set-as-default
# example iam policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

hashtag
iam:SetExistingDefaultPolicyVersion

  • With access to this permission, an attacker can attach a different version of an IAM policy, potentially escalating privileges or gaining access to other resources.

hashtag
iam:AttachUserPolicy

  • With access to this permission, an attacker can attach a new policy to an IAM user, potentially escalating privileges or gaining access to other resources.

hashtag
iam:UpdateAssumeRolePolicy

  • With access to this permission, an attacker can modify an IAM Role's Trust Policy, enabling themselves or another identity (user, role, service) the ability to assume the role, potentially escalating privileges or gaining access to other resources.

PreviousElastic Container Registry (ECR)NextIAM Trust Policies

Last updated