AWS IAM policy modified to allow access to any resource
Description
AlphaSOC detected a modification to an AWS IAM policy that allows access to any resource using CreatePolicy, CreatePolicyVersion, PutRolePolicy, PutUserPolicy, or PutGroupPolicy actions. This activity may increase the risk of privilege escalation and potential data breaches.
Impact
Allowing unrestricted access to any resource through AWS IAM policies can lead to privilege escalation, enabling unauthorized access to sensitive data or the manipulation of AWS resources. Such changes may impact multiple AWS services and accounts.
Severity
| Severity | Condition |
|---|---|
| Low | AWS IAM policy modified to allow access to any resource |
Investigation and Remediation
Review the AWS IAM policy modification to identify the responsible user or entity and determine if the change was authorized. If unauthorized, revert the policy to its previous state and analyze AWS CloudTrail logs to detect any misuse of expanded permissions.
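
As an added example (not AlphaSOC's detection logic and not code from this page), the Python below triages CloudTrail records for the five actions named in the description: it reports who made the change and which Allow statements use Resource "*". It assumes the policy text is logged in requestParameters.policyDocument as a JSON string; the sample records, ARNs and names are constructed.

```python
import json

# IAM write actions named in the description above.
POLICY_WRITE_EVENTS = {"CreatePolicy", "CreatePolicyVersion",
                       "PutRolePolicy", "PutUserPolicy", "PutGroupPolicy"}

def as_list(value):
    """IAM accepts one item or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def wildcard_statements(policy_document):
    """Return the Allow statements whose Resource includes the bare "*"."""
    # Assumption: policyDocument is logged as a JSON string; a dict is accepted too.
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    return [s for s in as_list(doc.get("Statement"))
            if s.get("Effect") == "Allow" and "*" in as_list(s.get("Resource"))]

def triage(event):
    """Return a finding for a matching CloudTrail record, else None."""
    if event.get("eventSource") != "iam.amazonaws.com":
        return None
    if event.get("eventName") not in POLICY_WRITE_EVENTS or "errorCode" in event:
        return None  # unrelated action, or a failed call that changed nothing
    params = event.get("requestParameters") or {}
    hits = wildcard_statements(params.get("policyDocument") or {})
    if not hits:
        return None
    return {
        "actor": event.get("userIdentity", {}).get("arn"),
        "action": event["eventName"],
        "time": event.get("eventTime"),
        "policy": params.get("policyName") or params.get("policyArn"),
        "allowed_actions": [a for s in hits for a in as_list(s.get("Action"))],
    }

def make_record(name, actor, params):
    """Build a constructed sample record (not real CloudTrail output)."""
    return {"eventSource": "iam.amazonaws.com", "eventName": name,
            "eventTime": "2024-01-01T10:00:00Z",
            "userIdentity": {"arn": actor}, "requestParameters": params}

SAMPLE_EVENTS = [
    make_record("PutRolePolicy", "arn:aws:iam::111122223333:user/example-a",
                {"roleName": "example-role", "policyName": "inline-a", "policyDocument":
                 '{"Statement":{"Effect":"Allow","Action":"s3:*","Resource":"*"}}'}),
    make_record("CreatePolicy", "arn:aws:iam::111122223333:user/example-b",
                {"policyName": "scoped", "policyDocument": '{"Statement":[{"Effect":"Allow",'
                 '"Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}'}),
]
FINDINGS = [f for f in map(triage, SAMPLE_EVENTS) if f]
```

The check matches only a bare "*" in Resource; statements that reach every resource through NotResource or broad ARN patterns need separate handling.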