
AWS IAM trust policy misconfigured for OIDC

ID:aws_iam_trust_policy_oidc_misconfigured
Data type:AWS CloudTrail
Severity:
Medium
MITRE ATT&CK:TA0001:T1078.004

Description

AlphaSOC detected an Identity and Access Management (IAM) role whose trust policy allows sts:AssumeRoleWithWebIdentity from an OpenID Connect (OIDC) identity provider without conditions on the token's sub and aud claims. Without those conditions the role trusts every token the provider issues, for any subject, rather than only tokens from specific authorized repositories or namespaces. This typically results from accepting the default settings the AWS console offers when the identity provider (IdP) is created.

Impact

An adversary who can obtain a token from the trusted provider, for example by running a pipeline in their own repository or namespace at that provider, can present it to STS and assume the role from an unauthorized source. This grants whatever access the role's permissions allow and may provide a path to privilege escalation within the account. Because neither claim is validated, the policy accepts tokens for any subject the provider issues them to, not only the workloads it was meant to trust.

Severity

Severity    Condition
Medium      AWS IAM trust policy misconfigured for OIDC

Investigation and Remediation

Review the trust policy of every role that names the OIDC provider as a Federated principal to identify affected roles. Add conditions to each affected statement that validate both claims: a StringEquals condition on the provider's aud key (for the AWS console's GitHub setup this is typically sts.amazonaws.com) and a StringEquals or StringLike condition on the provider's sub key that names only the authorized repositories, branches or namespaces; avoid catch-all subject patterns, which are equivalent to no condition. Examine CloudTrail AssumeRoleWithWebIdentity events for the role and compare the subject of each web identity token against the subjects you intended to allow, to detect unauthorized assumptions. Revoke active sessions for any potentially compromised role (for example with an inline deny keyed on aws:TokenIssueTime, which is what the console's "Revoke active sessions" action applies) and implement monitoring for unusual role assumption patterns.
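The audit and remediation steps above, as an added example that is not part of this page or of any AlphaSOC tooling. It embeds a constructed weak trust policy of the kind the console produces (the account ID, provider and repository names are placeholders), flags OIDC statements that lack or wildcard the sub/aud conditions, produces a hardened copy with both claims pinned, and checks constructed CloudTrail AssumeRoleWithWebIdentity events for subjects outside the allowed pattern. The "repo:*" wildcard check assumes GitHub's subject layout, the CloudTrail field names are taken from the STS response fields and assumed to be recorded as shown, and IAM's StringLike glob is approximated with fnmatch; none of these come from the original text.

```python
import copy
import fnmatch

# Constructed sample (account ID, provider and repository are placeholders).
# This is the shape of trust policy the console produces when the audience and
# subject conditions are left out: any token the provider issues, for any
# subject, can assume the role.
PROVIDER = "token.actions.githubusercontent.com"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{PROVIDER}"
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _oidc_hosts(stmt):
    """Provider hostnames of every OIDC principal in an Allow statement that
    grants sts:AssumeRoleWithWebIdentity; empty for any other statement."""
    principal = stmt.get("Principal", {})
    if (stmt.get("Effect") != "Allow"
            or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))
            or not isinstance(principal, dict)):
        return []
    return [arn.split(":oidc-provider/", 1)[1]
            for arn in _as_list(principal.get("Federated", []))
            if ":oidc-provider/" in arn]


def audit_trust_policy(policy):
    """Return (statement index, problem) pairs for OIDC statements that do not
    pin both the aud and sub claims of the provider they trust."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        # Flatten Condition into {key: [values]} regardless of operator
        # (StringEquals, StringLike, ForAnyValue:StringEquals, ...).
        keys = {}
        for kv in stmt.get("Condition", {}).values():
            for key, val in kv.items():
                keys.setdefault(key.lower(), []).extend(_as_list(val))
        for host in _oidc_hosts(stmt):
            host = host.lower()
            if f"{host}:aud" not in keys:
                findings.append((idx, f"missing aud condition for {host}"))
            subs = keys.get(f"{host}:sub")
            if subs is None:
                findings.append((idx, f"missing sub condition for {host}"))
            # A catch-all subject is as bad as none; "repo:*" is the GitHub form
            # (assumed layout "repo:OWNER/REPO:...").
            elif any(s == "*" or s.startswith("repo:*") for s in subs):
                findings.append((idx, f"wildcard sub condition for {host}"))
    return findings


def pin_claims(policy, aud, sub_pattern):
    """Copy of policy with aud (StringEquals) and sub (StringLike) conditions
    added to every OIDC AssumeRoleWithWebIdentity statement."""
    fixed = copy.deepcopy(policy)
    for stmt in _as_list(fixed.get("Statement", [])):
        for host in _oidc_hosts(stmt):
            cond = stmt.setdefault("Condition", {})
            cond.setdefault("StringEquals", {})[f"{host}:aud"] = aud
            cond.setdefault("StringLike", {})[f"{host}:sub"] = sub_pattern
    return fixed


def unexpected_assumptions(events, role_arn, allowed_sub_pattern):
    """Subjects from CloudTrail AssumeRoleWithWebIdentity events that assumed
    role_arn but fall outside the subject pattern the hardened policy allows.
    Field names are the STS response fields as CloudTrail records them
    (assumed); IAM's '*' glob is approximated with fnmatch."""
    hits = []
    for ev in events:
        if (ev.get("eventName") == "AssumeRoleWithWebIdentity"
                and ev.get("requestParameters", {}).get("roleArn") == role_arn):
            sub = ev.get("responseElements", {}).get("subjectFromWebIdentityToken", "")
            if not fnmatch.fnmatchcase(sub, allowed_sub_pattern):
                hits.append(sub)
    return hits


# Constructed CloudTrail events: one from the expected repository, one not.
ROLE_ARN = "arn:aws:iam::123456789012:role/deploy-role"
ALLOWED_SUB = "repo:example-org/example-repo:ref:refs/heads/main"
SAMPLE_EVENTS = [
    {"eventName": "AssumeRoleWithWebIdentity",
     "requestParameters": {"roleArn": ROLE_ARN},
     "responseElements": {"subjectFromWebIdentityToken": ALLOWED_SUB}},
    {"eventName": "AssumeRoleWithWebIdentity",
     "requestParameters": {"roleArn": ROLE_ARN},
     "responseElements": {"subjectFromWebIdentityToken": "repo:someone-else/fork:ref:refs/heads/main"}},
]

if __name__ == "__main__":
    print(audit_trust_policy(WEAK_TRUST_POLICY))
    print(audit_trust_policy(pin_claims(WEAK_TRUST_POLICY, "sts.amazonaws.com", ALLOWED_SUB)))
    print(unexpected_assumptions(SAMPLE_EVENTS, ROLE_ARN, ALLOWED_SUB))
```

On a real account, feed audit_trust_policy the AssumeRolePolicyDocument returned by get-role for each role that names the provider, and feed unexpected_assumptions the events returned by a CloudTrail lookup for AssumeRoleWithWebIdentity; the hardened policy from pin_claims is what update-assume-role-policy should receive once the subject pattern has been confirmed against the intended repositories.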