Skip to main content

AWS Roles Anywhere profile created

ID:aws_rolesanywhere_profile_created
Data type:AWS CloudTrail
Severity:
Low
MITRE ATT&CK:TA0003:T1098.003

Description

AlphaSOC detected the creation of an AWS Roles Anywhere profile. AWS Roles Anywhere allows applications outside of AWS to obtain temporary security credentials to access AWS resources. AWS Roles Anywhere profiles created by AWS services are exempt from from the detection to avoid false positives.

Impact

Creating an AWS Roles Anywhere profile can significantly impact the security of AWS infrastructure. If misused, it allows attackers to access AWS resources from external systems, potentially bypassing traditional authentication methods and expand their attack surface. This can result in data breaches, unauthorized resource manipulation, and lateral movement within the AWS environment.

Severity

SeverityCondition
Low
Unexpected action

Investigation and Remediation

Investigate the party responsible for creating the AWS Roles Anywhere profile to verify the legitimacy of the activity. Analyze AWS CloudTrail logs to determine any actions taken using the profile.