A recent blog post by our friends at Bishop Fox detailed a set of IAM permissions that can be used to escalate roles.
Having a specific policy to check IAM role policies and possibly flag any rules that allow for IAM permission escalation would be a good policy to add.
A recent blog post by our friends at Bishop Fox detailed a set of IAM permissions that can be used to escalate roles.
Having a specific policy to check IAM role policies and possibly flag any rules that allow for IAM permission escalation would be a good policy to add.