What does this PR do?
This technique is just like aws.persistence.iam-backdoor-role, but it creates a role.
The difference here is that we do not update the assume role policy of the IAM role because we can include the assumeRolePolicyDocument when creating the role.
Doing it this way simulates the role creation just like what happened in the incident "The curious case of DangerDev@protonmail.me".
Also, this allows us to test alerts that look for a CreateRole that contains an assumeRolePolicyDocument that allows access from accounts that we do not have in an allow list.
Motivation
Issue https://github.com/DataDog/stratus-red-team/issues/469
Checklist
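A detection check of the kind the description above says this technique exercises, written here as an added example (it is not part of this PR or of stratus-red-team): it reads the assumeRolePolicyDocument from a CloudTrail CreateRole record and flags trust-policy principals whose account is not on an allow list. The sample record is constructed, and treating the document as URL-encoded JSON (as CloudTrail records it) is an assumption.

```python
import json
import re
from urllib.parse import quote, unquote

# Constructed trust policy: one principal from the account that created the role,
# one from an external account that is not on the allow list.
_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                              "arn:aws:iam::999999999999:root"]},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed CloudTrail record (assumption: the document is URL-encoded JSON).
SAMPLE_EVENT = {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateRole",
    "recipientAccountId": "111111111111",
    "requestParameters": {
        "roleName": "constructed-role",
        "assumeRolePolicyDocument": quote(json.dumps(_TRUST_POLICY)),
    },
}

# Matches a bare 12-digit account ID or an IAM ARN, capturing the account ID.
_ACCOUNT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::.*)?$")


def _aws_principals(statement):
    """Return the AWS principals of one statement; '*' counts as a principal."""
    principal = statement.get("Principal")
    if principal == "*":
        return ["*"]
    if not isinstance(principal, dict):
        return []  # Service/Federated-only statements are not checked here
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def untrusted_principals(event, allowed_accounts):
    """Principals in a CreateRole trust policy outside the allow list.

    The account that owns the trail (recipientAccountId) is always allowed;
    '*' and any principal whose account cannot be parsed are flagged.
    """
    if event.get("eventSource") != "iam.amazonaws.com" or event.get("eventName") != "CreateRole":
        return []
    raw = event.get("requestParameters", {}).get("assumeRolePolicyDocument")
    if not raw:
        return []
    policy = json.loads(unquote(raw))
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    allowed = set(allowed_accounts) | {event.get("recipientAccountId")}
    flagged = []
    for statement in statements:
        if statement.get("Effect") != "Allow":
            continue
        for principal in _aws_principals(statement):
            match = _ACCOUNT_RE.match(principal)
            if match is None or match.group(1) not in allowed:
                flagged.append(principal)
    return flagged
```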