Project Description
Identify and manage a collection of IAM privileges in policies that potentially increase security risk.
Summary:
There are a collection of IAM privileges that are most-often seen in privilege escalation attacks or, in combination, provide more access than likely intended. Some are obvious, but many are subtle… especially for less experienced IAM administrators. This list also can change over time, as AWS changes their IAM model and adds new capabilities. Customers can even become exposed as AWS updates their managed policies, some of which have been granted excessive privileges while customer trust/believe they were scoped to least privilege.
This Op identifies these high risk privileges in IAM policies, and allows you to quarantine the associated user or role or remove the privilege from the policy.
Supported Issue Types:
A high risk privilege configuration was identified in an IAM policy
- The policy _name_ has _violating IAM privileges_ and is associated with _count_ users and roles.
Supported Actions:
- Quarantine the associated users and roles
- Remove the high-risk privileges
Platform:
Related Articles
Fashion App’s Faux Pas: Open Buckets of (21) Buttons
Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with
Supercharging Security Hub: Part 4, Taking Action
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.
