pulumi / pulumi-policy-aws

A policy pack of rules to enforce AWS best practices for security, reliability, cost, and more!
https://www.pulumi.com
Apache License 2.0
34 stars 6 forks

Add policies for IAM role escalation #46

Open chrsmith opened 4 years ago

chrsmith commented 4 years ago

A recent blog post by our friends at Bishop Fox detailed a set of IAM permissions that can be used to escalate roles.

Having a specific policy to check IAM role policies and possibly flag any rules that allow for IAM permission escalation would be a good policy to add.

rshade commented 1 year ago

Adding some links from wayback:

https://web.archive.org/web/20201030200810/https://labs.bishopfox.com/tech-blog/privilege-escalation-in-aws

https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation
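
One way to implement the check proposed in this issue, as an added example that is not part of the thread or of pulumi-policy-aws: a TypeScript function that flags `Allow` statements whose action patterns, including wildcards and `NotAction`, cover a watch list of IAM actions. The watch list, the function names and the sample policy are assumptions constructed for illustration.

```typescript
// Added example; not code from pulumi-policy-aws. ASSUMPTION: a short, non-exhaustive
// watch list of IAM actions that change an identity's permissions (the issue lists none).
const WATCHED_ACTIONS: string[] = [
  "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion", "iam:AttachRolePolicy",
  "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy", "iam:PassRole",
];

interface Statement { Effect: string; Action?: string | string[]; NotAction?: string | string[]; }
interface Finding { statementIndex: number; pattern: string; matched: string[]; }

// IAM action patterns are case-insensitive and allow "*" and "?" wildcards.
function patternToRegExp(pattern: string): RegExp {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");
}

function toList(v: string | string[] | undefined): string[] {
  return v === undefined ? [] : typeof v === "string" ? [v] : v;
}

// Returns one finding per Allow pattern that covers a watched action.
// Deny statements, Condition keys and Resource scoping are not evaluated here.
function findEscalationGrants(policyJson: string): Finding[] {
  const doc = JSON.parse(policyJson);
  const statements: Statement[] = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: Finding[] = [];
  statements.forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    if (stmt.NotAction !== undefined) {
      // Allow + NotAction grants every action that is not listed.
      const excluded = toList(stmt.NotAction).map(patternToRegExp);
      const matched = WATCHED_ACTIONS.filter(a => !excluded.some(re => re.test(a)));
      if (matched.length > 0) findings.push({ statementIndex: i, pattern: "NotAction", matched });
      return;
    }
    for (const pattern of toList(stmt.Action)) {
      const re = patternToRegExp(pattern);
      const matched = WATCHED_ACTIONS.filter(a => re.test(a));
      if (matched.length > 0) findings.push({ statementIndex: i, pattern, matched });
    }
  });
  return findings;
}

// Constructed sample policy document (not from the issue).
const SAMPLE_POLICY = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: ["s3:GetObject", "iam:Put*"], Resource: "*" },
  { Effect: "Deny", Action: "iam:*", Resource: "*" },
  { Effect: "Allow", NotAction: "s3:*", Resource: "*" },
] });
```

In a policy pack, the function would be run over the policy document attached to each IAM role or policy resource, with each finding reported as a violation.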