As January 2026 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a sharp expansion of privilege concentrated in networking, traffic control, and collaboration services. This month’s updates focus heavily on AWS Network Firewall, Route 53 Global Resolver, EC2 networking controls, and cross-account data collaboration, introducing new ways to reroute traffic, weaken filtering, expand network reach, and expose shared data.
Taken together, these permissions reinforce a critical cloud security reality: privilege increasingly lives in routing decisions and configuration layers, not just identity policies. From bypassing DNS and proxy-based protections to expanding access across VPCs and external accounts, each change subtly reshapes trust boundaries and increases the blast radius of misuse. Security teams must stay vigilant, as these non-obvious privileges continue to redefine the cloud attack surface through the very controls meant to secure it.
Existing Services with New Privileged Permissions
AWS Clean Rooms
Service Type: Data and Analytics
Permission: cleanrooms:UpdateCollaborationChangeRequest
- Action: Grants permission to update a change request in a collaboration
- Mitre Tactic: Exfiltration
- Why it’s privileged: Allows approving or modifying change requests that expand what external AWS accounts can do within a collaboration, potentially granting access to additional data through analysis templates.
AWS Network Firewall
Service Type: Security Services
Permission: network-firewall:UpdateProxyRule
- Action: Grants permission to update an existing proxy rule on a proxy rule group
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows modification of proxy rules designed to block malicious or unauthorized traffic, potentially permitting traffic that would otherwise be filtered.
Permission: network-firewall:AttachRuleGroupsToProxyConfiguration
- Action: Grants permission to attach proxy rule groups to a proxy configuration
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows attaching rule groups with broad allow rules early in a proxy configuration, potentially permitting malicious traffic to bypass filtering.
Permission: network-firewall:UpdateProxyConfiguration
- Action: Grants permission to modify a proxy configuration
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows changing proxy behavior from default-deny to default-allow, significantly weakening network traffic filtering.
Permission: network-firewall:UpdateProxyRuleGroupPriorities
- Action: Grants permission to modify rule group priorities on a proxy configuration
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows reordering rule groups so broad allow rules are evaluated first, enabling traffic to bypass filtering and permitting otherwise blocked connections.
Permission: network-firewall:CreateProxyRules
- Action: Grants permission to add proxy rules to a proxy rule group
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows inserting explicit allow or deny rules ahead of existing filters, potentially preempting protections and permitting unauthorized traffic.
Permission: network-firewall:DetachRuleGroupsFromProxyConfiguration
- Action: Grants permission to detach proxy rule groups from a proxy configuration
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows removal of rule groups designed to filter malicious or unauthorized traffic, weakening proxy-based network protections.
Permission: network-firewall:DeleteProxy
- Action: Grants permission to delete a proxy
- Mitre Tactic: Impact
- Why it’s privileged: Allows deletion of a network proxy, disrupting connectivity for resources that rely on it and causing traffic to fail.
Permission: network-firewall:UpdateProxyRulePriorities
- Action: Grants permission to update proxy rule priorities within a proxy rule group
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows reordering proxy rules so broad allow rules are evaluated first, enabling traffic to bypass existing filtering controls.
Permission: network-firewall:DeleteProxyRules
- Action: Grants permission to remove proxy rules from a proxy rule group
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows removal of proxy rules designed to filter malicious or unauthorized traffic, weakening network security controls.
Permission: network-firewall:UpdateProxy
- Action: Grants permission to modify a proxy
- Mitre Tactic: Impact
- Why it’s privileged: Allows removing or altering proxy listeners, causing network traffic to fail and preventing clients from establishing connections.
Amazon EC2
Service Type: Compute Services
Permission: ec2:ModifyVpcEncryptionControl
- Action: Grants permission to modify an existing VPC Encryption Control
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows weakening or disabling enforcement of VPC traffic encryption by switching controls to monitor mode, reducing protection of network traffic and potentially disrupting encryption guarantees.
Permission: ec2:ModifyIpamPrefixListResolver
- Action: Grants permission to modify an IPAM prefix list resolver
- Mitre Tactic: Lateral Movement
- Why it’s privileged: Allows expanding the CIDR ranges resolved by a prefix list, potentially broadening network access to sensitive resources protected by security group rules.
Permission: ec2:DeleteVpcEncryptionControl
- Action: Grants permission to delete a VPC Encryption Control
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Removes controls that enforce VPC traffic encryption, eliminating safeguards that protect network traffic confidentiality.
Permission: ec2:CreateIpamPrefixListResolverTarget
- Action: Grants permission to create an IPAM prefix list resolver target that links a resolver to a managed prefix list
- Mitre Tactic: Lateral Movement
- Why it’s privileged: Allows forcing a prefix list to sync with an empty or permissive resolver, effectively wiping enforced network restrictions and expanding communication between resources or VPCs.
AWS CloudWatch Logs
Service Type: Observability and Monitoring
Permission: logs:CreateImportTask
- Action: Grants permission to start an asynchronous process to import data from a CloudTrail Lake event data store into a managed log group in CloudWatch
- Mitre Tactic: Collection
- Why it’s privileged: Allows importing CloudTrail data into CloudWatch using a passed role, enabling collection of log data that the caller may not otherwise have direct access to.
Amazon API Gateway
Service Type: Compute Services
Permission: apigateway:UpdatePortal
- Action: Grants permission to update a portal
- Mitre Tactic: Persistence
- Why it’s privileged: Allows disabling authorization controls on the portal, exposing internal API documentation to the public and enabling persistent unauthorized access.
Permission: apigateway:PutPortalProductSharingPolicy
- Action: Grants permission to put a portal product sharing policy
- Mitre Tactic: Persistence
- Why it’s privileged: Allows making an API Gateway portal accessible from another AWS account, enabling persistent external access to potentially internal API documentation.
Amazon Connect
Service Type: Customer Engagement
Permission: connect:DisassociateEmailAddressAlias
- Action: Grants permission to disassociate an alias from an email address resource in an Amazon Connect instance
- Mitre Tactic: Impact
- Why it’s privileged: Allows removal of email address aliases used for routing or identification, disrupting email-based contact handling and potentially impacting business communications or workflows.
Permission: connect:AssociateEmailAddressAlias
- Action: Grants permission to associate an alias with an email address resource in an Amazon Connect instance
- Mitre Tactic: Exfiltration
- Why it’s privileged: Allows routing or duplicating email communications through additional aliases, potentially enabling interception or unauthorized exposure of sensitive customer messages.
Amazon CloudFront
Service Type: Networking and Content Delivery
Permission: cloudfront:DeleteResourcePolicy
- Action: Grants permission to delete a resource’s policy document
- Mitre Tactic: Impact
- Why it’s privileged: Allows removal of resource-based access controls for CloudFront resources, causing severe disruption to content delivery and access enforcement.
Permission: cloudfront:PutResourcePolicy
- Action: Grants permission to update or create a resource’s policy document
- Mitre Tactic: Persistence
- Why it’s privileged: Allows adding or modifying resource-based policies to grant or maintain access to CloudFront resources, enabling persistent control over content delivery access.
Amazon Bedrock
Service Type: Artificial Intelligence & Machine Learning
Permission: bedrock:PutEnforcedGuardrailConfiguration
- Action: Grants permission to set account-level enforced guardrail configuration
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows replacing or weakening enforced account-level guardrails, enabling models or agents to bypass safety and policy controls.
Permission: bedrock:DeleteEnforcedGuardrailConfiguration
- Action: Grants permission to delete account-level enforced guardrail configuration
- Mitre Tactic: Impact
- Why it’s privileged: Allows removal of enforced guardrails across the account, eliminating safety and policy controls and potentially disrupting or exposing downstream AI workloads.
AWS Network Manager
Service Type: Networking and Content Delivery
Permission: networkmanager:PutAttachmentRoutingPolicyLabel
- Action: Grants permission to put an attachment routing policy label
- Mitre Tactic: Lateral Movement
- Why it’s privileged: Allows associating routing policies that enable broader prefix propagation, granting compromised attachments access to network segments or prefixes that were previously unreachable.
Permission: networkmanager:RemoveAttachmentRoutingPolicyLabel
- Action: Grants permission to remove an attachment routing policy label
- Mitre Tactic: Lateral Movement
- Why it’s privileged: Allows removal of labels that enforce strict routing policies, potentially eliminating network segmentation controls and enabling movement between previously isolated environments.
AWS Launch Wizard
Service Type: Infrastructure Management
Permission: launchwizard:UpdateDeployment
- Action: Grants permission to update a deployment
- Mitre Tactic: Credential Access
- Why it’s privileged: Allows modifying deployment parameters to change credentials for underlying application databases, enabling unauthorized credential access or takeover.
New Services with Privileged Permissions
AWS Route 53 Global Resolver
Service Type: Networking and Content Delivery
Permission: route53globalresolver:BatchCreateFirewallRule
- Action: Grants permission to create multiple firewall rules
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows creation of high-priority allow rules that can bypass existing DNS filtering and evade network-based controls.
Permission: route53globalresolver:BatchDeleteFirewallRule
- Action: Grants permission to delete multiple firewall rules
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows removal of DNS firewall rules, disabling DNS-based filtering and reducing network-level visibility and protection.
Permission: route53globalresolver:BatchUpdateFirewallRule
- Action: Grants permission to update multiple firewall rules
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows modifying deny rules into allow rules, permitting DNS traffic that would otherwise be filtered or blocked.
Permission: route53globalresolver:CreateAccessSource
- Action: Grants permission to create an access source
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows remapping CIDR ranges between DNS views with different firewall policies, enabling DNS queries from the CIDR range to bypass stricter filtering rules.
Permission: route53globalresolver:CreateFirewallRule
- Action: Grants permission to create a firewall rule
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows creation of high-priority allow rules that can bypass existing DNS filtering and evade network-based controls.
Permission: route53globalresolver:DeleteFirewallRule
- Action: Grants permission to delete a firewall rule
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows removal of DNS firewall rules, disabling DNS-based filtering and reducing network-level protection.
Permission: route53globalresolver:ImportFirewallDomains
- Action: Grants permission to import firewall domains from an S3 bucket
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows tampering with domain lists used by firewall rules, potentially permitting DNS traffic that would otherwise be filtered or blocked.
Permission: route53globalresolver:UpdateAccessSource
- Action: Grants permission to update an access source
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows remapping CIDR ranges between DNS views with different firewall policies, enabling DNS queries to bypass stricter filtering rules.
Permission: route53globalresolver:UpdateDNSView
- Action: Grants permission to update a DNS view
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows disabling or weakening security settings such as DNSSEC validation, enabling tampering with DNS responses and bypassing DNS integrity protections.
Permission: route53globalresolver:UpdateFirewallDomains
- Action: Grants permission to update firewall domains
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows modification of domain lists used by DNS firewall rules, potentially permitting DNS traffic that would otherwise be blocked or filtered.
Permission: route53globalresolver:UpdateFirewallRule
- Action: Grants permission to update a firewall rule
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Allows changing deny rules into allow rules, permitting DNS traffic that would otherwise be filtered or blocked.
AWS MCP Server
Service Type: Artificial Intelligence & Machine Learning
Permission: aws-mcp:CallReadWriteTool
- Action: Grants permission to call AWS read and write APIs in MCP service
- Mitre Tactic: Impact
- Why it’s privileged: Allows invoking AWS APIs via the MCP server, enabling unintended or malicious execution of AWS actions if the tool is triggered without explicit user intent.
AWS PricingPlanManager Service
Service Type: Subscription Management
No privileged permissions
AWS Compute Optimizer
Service Type: Compute Services
No privileged permissions
Amazon Nova Act
Service Type: Artificial Intelligence & Machine Learning
No privileged permissions
AWS ECS MCP Server
Service Type: Artificial Intelligence & Machine Learning
No privileged permissions
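One practical way to act on a list like the one above is to turn it into a detection: map each catalogued permission to the MITRE tactic assigned to it, then run CloudTrail records through that table and surface any principal exercising these controls. The script below is an added example, not Sonrai's code or any AWS-provided tooling. It assumes that the host label of a CloudTrail eventSource (e.g. "network-firewall" in network-firewall.amazonaws.com) equals the IAM service prefix; that holds for the constructed sample events here but must be verified per service before use on real logs. The sample events are constructed for the demo and are not real CloudTrail data.

```python
"""Flag CloudTrail events that exercise the privileged permissions catalogued
in the post, tagged with the MITRE tactic the post assigns to each.
Added example; the table below is transcribed from the post's entries."""
from collections import Counter

PRIVILEGED_PERMISSIONS = {  # "service:Action" -> MITRE tactic (from the post)
    "cleanrooms:UpdateCollaborationChangeRequest": "Exfiltration",
    "network-firewall:UpdateProxyRule": "Defense Evasion",
    "network-firewall:AttachRuleGroupsToProxyConfiguration": "Defense Evasion",
    "network-firewall:UpdateProxyConfiguration": "Defense Evasion",
    "network-firewall:UpdateProxyRuleGroupPriorities": "Defense Evasion",
    "network-firewall:CreateProxyRules": "Defense Evasion",
    "network-firewall:DetachRuleGroupsFromProxyConfiguration": "Defense Evasion",
    "network-firewall:DeleteProxy": "Impact",
    "network-firewall:UpdateProxyRulePriorities": "Defense Evasion",
    "network-firewall:DeleteProxyRules": "Defense Evasion",
    "network-firewall:UpdateProxy": "Impact",
    "ec2:ModifyVpcEncryptionControl": "Defense Evasion",
    "ec2:ModifyIpamPrefixListResolver": "Lateral Movement",
    "ec2:DeleteVpcEncryptionControl": "Defense Evasion",
    "ec2:CreateIpamPrefixListResolverTarget": "Lateral Movement",
    "logs:CreateImportTask": "Collection",
    "apigateway:UpdatePortal": "Persistence",
    "apigateway:PutPortalProductSharingPolicy": "Persistence",
    "connect:DisassociateEmailAddressAlias": "Impact",
    "connect:AssociateEmailAddressAlias": "Exfiltration",
    "cloudfront:DeleteResourcePolicy": "Impact",
    "cloudfront:PutResourcePolicy": "Persistence",
    "bedrock:PutEnforcedGuardrailConfiguration": "Defense Evasion",
    "bedrock:DeleteEnforcedGuardrailConfiguration": "Impact",
    "networkmanager:PutAttachmentRoutingPolicyLabel": "Lateral Movement",
    "networkmanager:RemoveAttachmentRoutingPolicyLabel": "Lateral Movement",
    "launchwizard:UpdateDeployment": "Credential Access",
    "route53globalresolver:BatchCreateFirewallRule": "Defense Evasion",
    "route53globalresolver:BatchDeleteFirewallRule": "Defense Evasion",
    "route53globalresolver:BatchUpdateFirewallRule": "Defense Evasion",
    "route53globalresolver:CreateAccessSource": "Defense Evasion",
    "route53globalresolver:CreateFirewallRule": "Defense Evasion",
    "route53globalresolver:DeleteFirewallRule": "Defense Evasion",
    "route53globalresolver:ImportFirewallDomains": "Defense Evasion",
    "route53globalresolver:UpdateAccessSource": "Defense Evasion",
    "route53globalresolver:UpdateDNSView": "Defense Evasion",
    "route53globalresolver:UpdateFirewallDomains": "Defense Evasion",
    "route53globalresolver:UpdateFirewallRule": "Defense Evasion",
    "aws-mcp:CallReadWriteTool": "Impact",
}

ALICE = "arn:aws:sts::111122223333:assumed-role/NetOps/alice"  # constructed
BOB = "arn:aws:iam::111122223333:user/bob"                       # constructed

SAMPLE_EVENTS = [  # constructed CloudTrail-shaped records, not real data
    {"eventTime": "2026-01-28T14:02:11Z", "eventSource": "network-firewall.amazonaws.com",
     "eventName": "UpdateProxyRuleGroupPriorities", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2026-01-28T14:03:40Z", "eventSource": "route53globalresolver.amazonaws.com",
     "eventName": "BatchUpdateFirewallRule", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2026-01-28T14:05:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteVpcEncryptionControl", "errorCode": "AccessDenied",
     "userIdentity": {"arn": ALICE}},
    {"eventTime": "2026-01-28T14:06:15Z", "eventSource": "networkmanager.amazonaws.com",
     "eventName": "RemoveAttachmentRoutingPolicyLabel", "userIdentity": {"arn": BOB}},
    {"eventTime": "2026-01-28T14:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": BOB}},  # benign
]


def iam_action(event):
    """Derive 'prefix:Action' from a CloudTrail record. Assumption: the
    eventSource host label equals the IAM service prefix (true for the sample;
    verify per service on real logs, since a few services differ)."""
    prefix = event["eventSource"].split(".")[0]
    return f"{prefix}:{event['eventName']}"


def classify(events):
    """Return one finding per event that hits a catalogued permission. Denied
    attempts are kept (succeeded=False): a failed call to weaken a control is
    itself a signal worth seeing."""
    findings = []
    for ev in events:
        action = iam_action(ev)
        tactic = PRIVILEGED_PERMISSIONS.get(action)
        if tactic is None:
            continue
        findings.append({"time": ev["eventTime"], "principal": ev["userIdentity"]["arn"],
                         "action": action, "tactic": tactic,
                         "succeeded": "errorCode" not in ev})
    return findings


def tactic_summary(findings):
    """Count successful findings per MITRE tactic."""
    return Counter(f["tactic"] for f in findings if f["succeeded"])


def principals_evading(findings, threshold=2):
    """Principals with at least `threshold` successful Defense Evasion calls;
    a cluster like this (rule reordering plus DNS rule changes) is the pattern
    to escalate rather than a single isolated change."""
    per = Counter(f["principal"] for f in findings
                  if f["succeeded"] and f["tactic"] == "Defense Evasion")
    return sorted(p for p, n in per.items() if n >= threshold)


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for f in found:
        print(f["time"], f["principal"], f["action"], f["tactic"], "ok" if f["succeeded"] else "DENIED")
    print(dict(tactic_summary(found)))
    print("escalate:", principals_evading(found))
```

On the constructed sample the benign DescribeInstances call is ignored, the denied DeleteVpcEncryptionControl attempt is kept as an unsuccessful finding, and the NetOps role is reported for two successful Defense Evasion calls in a five-minute window. Feeding real CloudTrail records through classify() (for example from an S3 delivery bucket or a CloudTrail Lake query) only requires confirming the eventSource-to-prefix assumption for each service in the table.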
Conclusion
As AWS continues to evolve its networking, traffic management, and collaboration services, new privileged permissions are increasingly defining how data flows, access is enforced, and environments are segmented in the cloud. This month’s additions demonstrate how changes to routing policies, firewall rules, encryption controls, and shared resources can quietly expand privilege, weaken isolation, or expose sensitive systems without modifying traditional administrator roles. Even small configuration changes can have an outsized impact on network trust boundaries and lateral movement risk.
Sonrai Security’s Cloud Permissions Firewall helps organizations stay ahead of these shifts by continuously identifying emerging privileged permissions, mapping them to MITRE ATT&CK tactics, and enforcing least privilege across cloud control planes. In a cloud environment where network and configuration-level privileges continue to expand each month, maintaining continuous visibility and proactive control is critical to preventing overlooked permissions from becoming attack paths.