AWS Roles Anywhere profile created
Description
AlphaSOC detected the creation of an AWS Roles Anywhere profile. AWS Roles Anywhere allows applications outside of AWS to obtain temporary security credentials to access AWS resources. AWS Roles Anywhere profiles created by AWS services are exempt from from the detection to avoid false positives.
Impact
Creating an AWS Roles Anywhere profile can significantly impact the security of AWS infrastructure. If misused, it allows attackers to access AWS resources from external systems, potentially bypassing traditional authentication methods and expand their attack surface. This can result in data breaches, unauthorized resource manipulation, and lateral movement within the AWS environment.
Severity
Severity | Condition |
---|---|
Low | Unexpected action |
Investigation and Remediation
Investigate the party responsible for creating the AWS Roles Anywhere profile to verify the legitimacy of the activity. Analyze AWS CloudTrail logs to determine any actions taken using the profile.