More Info:

An IAM user or role whose permissions can be leveraged to escalate privileges presents a higher risk than one scoped to its intended task.

Risk Level

High

Address

Security

Compliance Standards

CISGCP, HIPAA, SOC2, NISTCSF, NIST, AWSWAF, ISO27001, HITRUST

Triage and Remediation

Remediation

To remediate the privilege escalation misconfiguration in AWS IAM, follow these steps using the AWS Management Console:

  1. Sign in to the AWS Management Console using your administrator credentials.

  2. Open the IAM service from the console.

  3. Click on “Roles” in the left navigation pane.

  4. Identify the role that has the misconfigured privilege escalation issue. You can search for the role using the search bar or manually locate it in the list.

  5. Select the role by clicking on its name.

  6. In the “Permissions” tab, review the policies attached to the role. Identify any policies that grant excessive privileges or allow privilege escalation.

  7. Click on the policy name to view its details.

  8. Review the policy document to identify the specific actions or resources that are causing the privilege escalation issue.

  9. Edit the policy document by clicking on the “Edit policy” button.

  10. Modify the policy document to remove any unnecessary or excessive permissions that lead to privilege escalation. Ensure that the policy only grants the minimum required permissions for the role.

  11. Click on “Review policy” to validate the updated policy document.

  12. Review the changes and ensure that the updated policy meets your requirements.

  13. Click on “Save changes” to apply the updated policy to the role.

  14. Repeat steps 5-13 for any other roles that have the privilege escalation misconfiguration.

By following these steps, you can remediate the privilege escalation misconfiguration in AWS IAM and ensure that roles have the appropriate and minimal permissions necessary for their intended purpose.