As June 2025 wraps up, we’re back with another monthly roundup of AWS privileged permission changes and service updates that could reshape your cloud security posture. Each month brings a wave of new permissions — and with them, potential pathways for unauthorized access, policy evasion, and abuse of trust boundaries. This month’s highlights include sensitive updates across EC2, AWS Backup, Security Hub, and Bedrock, with several permissions impacting automation workflows, restore approvals, and connector integrity. Understanding these changes is critical for proactive privilege management and staying ahead of emerging risks. Dive in below to see what’s new — and why it matters for securing your AWS environment.
New Region
Asia Pacific (Taipei)
API name: ap-east-2
Availability zones: 3
Existing Services with New Privileged Permissions
EC2
Service Type: Compute Services
Permission: ec2:CreateMacSystemIntegrityProtectionModificationTask
- Action: Grants permission to create a System Integrity Protection (SIP) modification task for an Amazon EC2 Mac instance
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Weakens the security boundary of a macOS EC2 instance by lowering System Integrity Protection (SIP), the control that stops even root from modifying protected system files, loading unsigned kernel extensions, or tampering with security components. With SIP reduced, host-level defenses that depend on it can be disabled or altered.
AWS Backup
Service Type: Archival, Backup and Recovery
Permission: backup:DisassociateBackupVaultMpaApprovalTeam
- Action: Grants permission to disassociate an MPA approval team from a backup vault
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Disables the restore approval workflow by removing the designated approval team from a backup vault, potentially allowing unauthorized or unapproved restore operations.
Permission: backup:AssociateBackupVaultMpaApprovalTeam
- Action: Grants permission to associate an MPA approval team with a backup vault
- Mitre Tactic: Privilege Escalation
- Why it’s privileged: Overrides the existing approval team on a backup vault, potentially redirecting restore approvals to an unintended or unauthorized team.
AWS Security Hub
Service Type: Security and Compliance
Permission: securityhub:UpdateConnectorV2
- Action: Grants permission to update a connector V2 in Security Hub based on connector id and input parameters
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Lets a caller change where Security Hub sends issues by modifying the connector configuration (for example the Jira projectKey) without re-registering the connector, so findings can be routed to a project or destination the security team is not watching.
Permission: securityhub:DeleteAutomationRuleV2
- Action: Grants permission to delete an automation rule V2 in Security Hub
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Deletes an automation rule, potentially disrupting security workflows and preventing expected automatic responses to findings.
Permission: securityhub:ConnectorRegistrationsV2
- Action: Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Authenticates and finalizes connector registration, enabling integration with external systems like Jira and potentially exposing sensitive workflows if misused.
Permission: securityhub:UpdateAutomationRuleV2
- Action: Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Modifies automation rules, potentially altering security workflows and allowing unauthorized changes to detection or response behavior.
Permission: securityhub:DisableSecurityHubV2
- Action: Grants permission to disable Security Hub V2
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Disables Security Hub for the account, effectively halting security data aggregation, analysis, and automated response actions.
Permission: securityhub:CreateAutomationRuleV2
- Action: Grants permission to create an automation rule V2 based on input parameters
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Creates automation rules that define how Security Hub responds to findings, potentially enabling unauthorized or malicious automated actions.
Amazon Bedrock
Service Type: Artificial Intelligence & Machine Learning
Permission: bedrock:CreateCustomModel
- Action: Grants permission to create a custom model in Amazon Bedrock
- Mitre Tactic: Resource Development
- Why it’s privileged: Creates a custom model that downstream applications may trust as a vetted resource, potentially embedding unauthorized training data or behaviors that influence those applications and the security controls built around them.
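Every permission above surfaces in CloudTrail as an API call (eventSource plus eventName), so the same list drives both a preventive control and a detection. The following Python is an added example, not Sonrai’s code or any AWS-published tooling: it builds a deny service control policy for the ten actions listed in this post, exempting a hypothetical break-glass role, and scans a set of constructed CloudTrail records for attempts to use them. The account ID, the break-glass role ARN and the sample records are assumptions made for illustration.

```python
"""Added example (not Sonrai's or AWS's code): a deny SCP plus a CloudTrail
check for the permissions listed in this post. The account ID, break-glass
role and CloudTrail records are constructed for illustration."""
from typing import Dict, List

# Permission -> tactic, as assigned in the post.
PRIVILEGED_PERMISSIONS: Dict[str, str] = {
    "ec2:CreateMacSystemIntegrityProtectionModificationTask": "Defense Evasion",
    "backup:DisassociateBackupVaultMpaApprovalTeam": "Defense Evasion",
    "backup:AssociateBackupVaultMpaApprovalTeam": "Privilege Escalation",
    "securityhub:UpdateConnectorV2": "Defense Evasion",
    "securityhub:DeleteAutomationRuleV2": "Defense Evasion",
    "securityhub:ConnectorRegistrationsV2": "Defense Evasion",
    "securityhub:UpdateAutomationRuleV2": "Defense Evasion",
    "securityhub:DisableSecurityHubV2": "Defense Evasion",
    "securityhub:CreateAutomationRuleV2": "Defense Evasion",
    "bedrock:CreateCustomModel": "Resource Development",
}
# Hypothetical break-glass role that stays allowed to call these APIs.
BREAK_GLASS_ROLE_ARN = "arn:aws:iam::123456789012:role/SecurityBreakGlass"


def build_deny_scp(permissions=PRIVILEGED_PERMISSIONS,
                   exempt_role_arn=BREAK_GLASS_ROLE_ARN) -> dict:
    """SCP denying the listed actions to everyone but the exempt role. For a
    role session aws:PrincipalArn is the role ARN, not the session ARN, so
    one ArnNotLike entry on the role covers all of its sessions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyJune2025PrivilegedActions",
            "Effect": "Deny",
            "Action": sorted(permissions),
            "Resource": "*",
            "Condition": {"ArnNotLike": {"aws:PrincipalArn": [exempt_role_arn]}},
        }],
    }


def action_of(event: dict) -> str:
    """IAM action for a CloudTrail record: eventSource prefix + eventName
    ('backup.amazonaws.com' / 'AssociateBackupVaultMpaApprovalTeam' ->
    'backup:AssociateBackupVaultMpaApprovalTeam')."""
    return f"{event['eventSource'].split('.', 1)[0]}:{event['eventName']}"


def calling_principal(event: dict) -> str:
    """Role ARN behind an assumed-role session, else the user ARN."""
    identity = event.get("userIdentity", {})
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or identity.get("arn", "")


def find_privileged_calls(events: List[dict], permissions=PRIVILEGED_PERMISSIONS,
                          exempt_role_arn=BREAK_GLASS_ROLE_ARN) -> List[dict]:
    """One alert per record that used a listed action from a principal other
    than the break-glass role. Denied attempts (errorCode set, e.g.
    AccessDenied from the SCP) are kept: the attempt is the signal."""
    alerts = []
    for ev in events:
        action = action_of(ev)
        principal = calling_principal(ev)
        if action not in permissions or principal == exempt_role_arn:
            continue
        alerts.append({"eventTime": ev.get("eventTime"), "action": action,
                       "tactic": permissions[action], "principal": principal,
                       "sourceIPAddress": ev.get("sourceIPAddress"),
                       "denied": "errorCode" in ev})
    return alerts


def _session(role: str) -> dict:
    """Constructed userIdentity for an assumed-role session."""
    return {"type": "AssumedRole",
            "arn": f"arn:aws:sts::123456789012:assumed-role/{role}/ci",
            "sessionContext": {"sessionIssuer": {
                "arn": f"arn:aws:iam::123456789012:role/{role}"}}}


# Constructed CloudTrail records, trimmed to the fields used above.
SAMPLE_EVENTS: List[dict] = [
    {"eventTime": "2025-06-18T09:12:04Z", "eventSource": "backup.amazonaws.com",
     "eventName": "DisassociateBackupVaultMpaApprovalTeam",
     "sourceIPAddress": "203.0.113.7", "userIdentity": _session("DevOpsDeploy")},
    {"eventTime": "2025-06-18T09:15:31Z", "eventSource": "securityhub.amazonaws.com",
     "eventName": "DisableSecurityHubV2", "errorCode": "AccessDenied",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {
         "type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/contractor"}},
    {"eventTime": "2025-06-18T09:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.2",
     "userIdentity": _session("DevOpsDeploy")},
    {"eventTime": "2025-06-18T10:01:45Z", "eventSource": "backup.amazonaws.com",
     "eventName": "AssociateBackupVaultMpaApprovalTeam",
     "sourceIPAddress": "192.0.2.10", "userIdentity": _session("SecurityBreakGlass")},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_deny_scp(), indent=2))
    for alert in find_privileged_calls(SAMPLE_EVENTS):
        print(alert)
```

Run against the four constructed records, the scan reports two alerts: the MPA approval team being removed from a vault by a deployment role, and a denied attempt to disable Security Hub by an IAM user. The break-glass role’s call and the unrelated DescribeInstances call are ignored. In production the denied attempt is the more interesting of the two, because it shows a principal probing a control the SCP already blocks; attaching the SCP and the detection together is what turns the permission list in this post into something enforceable.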
New Services
Amazon Elastic Virtualization Services
Service Type: Compute Services
No privileged permissions
AWS Support Console
Service Type: Support and Service Management
No privileged permissions
Multi-Party Approval
Service Type: Identity and Access Management
No privileged permissions
Conclusion
As AWS continues to expand its services and deepen integrations, the complexity and impact of new permissions grow with it. This month’s highlights — from altering macOS system protections in EC2 to quietly redirecting Security Hub automation or disabling backup restore approvals — illustrate how privileged access can subtly undermine security workflows and trust boundaries.
Sonrai Security’s Cloud Permissions Firewall empowers teams to get ahead of these risks by delivering cloud-native Privileged Access Management. We help organizations automatically detect and lock down high-risk permissions, enforce least privilege across identities and resources, and stay secure as AWS evolves. Because in the cloud, privilege is everywhere — and controlling it is everything.