February Recap: New AWS Sensitive Permissions


As February 2025 wraps up, we’re back with the latest updates on AWS sensitive permissions, newly supported services, and regional expansions. Keeping up with these changes is critical for securing cloud environments and ensuring that high-risk permissions are properly governed. This month, we’ve identified new sensitive permissions across multiple AWS services, highlighting potential security implications that teams should be aware of. Read on for a full breakdown of what’s new and what it means for your cloud security strategy.

Existing Services with New Sensitive Permissions

Amazon Simple Email Service

Service Type: Customer Engagement

Permission: ses:StartAddressListImportJob

  • Action: Grants permission to start an import job on an address list
  • Mitre Tactic: Defense Evasion
  • Why it’s sensitive: Enables bulk email list imports, which could be misused.

Permission: ses:RegisterMemberToAddressList

  • Action: Grants permission to add a member to an address list
  • Mitre Tactic: Defense Evasion
  • Why it’s sensitive: Allows adding email addresses to predefined lists, which could be exploited.

AWS CloudFormation

Service Type: Infrastructure Management

Permission: cloudformation:ExecuteStackRefactor

  • Action: Grants permission to execute a stack refactor
  • Mitre Tactic: Defense Evasion
  • Why it’s sensitive: Can be used to shift resources somewhere else, allowing unauthorized changes to infrastructure.

AWS Amplify

Service Type: Development and DevOps tools

Permission: amplify:DisassociateWebACL

  • Action: Grants permission to disassociate a WebACL from a resource
  • Mitre Tactic: Defense Evasion
  • Why it’s sensitive: Allows detaching a Web Application Firewall (WAF) from an AWS Amplify app, potentially exposing the application to security threats.
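To make the four permissions above actionable, here is an added example (not Sonrai code, and not part of the original recap) that flags their use in CloudTrail records and emits an explicit-Deny policy document covering them. It assumes the standard CloudTrail record fields (eventSource, eventName, errorCode, userIdentity.arn); the sample records and the account ID 111122223333 are constructed.

```python
import json
# Sensitive permissions from this recap, each with the MITRE tactic the recap assigns.
SENSITIVE_PERMISSIONS = {
    "ses:StartAddressListImportJob": "Defense Evasion",
    "ses:RegisterMemberToAddressList": "Defense Evasion",
    "cloudformation:ExecuteStackRefactor": "Defense Evasion",
    "amplify:DisassociateWebACL": "Defense Evasion",
}

def event_to_permission(event: dict) -> str:
    """IAM-style 'service:Action' for a CloudTrail record; the IAM prefix is the
    first label of eventSource (e.g. 'amplify.amazonaws.com' -> 'amplify')."""
    return f"{event['eventSource'].split('.')[0]}:{event['eventName']}"

def flag_sensitive_events(records: list) -> list:
    """One finding per record whose API call maps to a sensitive permission."""
    findings = []
    for rec in records:
        perm = event_to_permission(rec)
        if perm not in SENSITIVE_PERMISSIONS:
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "permission": perm,
            "tactic": SENSITIVE_PERMISSIONS[perm],
            "principal": rec.get("userIdentity", {}).get("arn", "unknown"),
            # A denied call still matters: it shows who tried to use the permission.
            "outcome": "denied" if rec.get("errorCode") else "succeeded",
        })
    return findings

def scan_trail(trail_json: str) -> list:
    """Scan one CloudTrail log file (a JSON object with a top-level 'Records' array)."""
    return flag_sensitive_events(json.loads(trail_json)["Records"])

def deny_policy(permissions) -> dict:
    """Explicit-Deny policy document (e.g. for an SCP) covering the given permissions."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Deny", "Action": sorted(permissions), "Resource": "*"}]}

# Constructed sample CloudTrail records; account 111122223333 is a placeholder.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2025-02-20T10:15:00Z", "eventSource": "amplify.amazonaws.com",
     "eventName": "DisassociateWebACL", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev-alice"}},
    {"eventTime": "2025-02-20T10:16:00Z", "eventSource": "cloudformation.amazonaws.com",
     "eventName": "ExecuteStackRefactor", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ci-deploy"}},
    {"eventTime": "2025-02-20T10:17:00Z", "eventSource": "ses.amazonaws.com",
     "eventName": "SendEmail", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"}},
]})
```

Running `scan_trail(SAMPLE_TRAIL)` yields two findings (the successful WebACL disassociation and the denied stack refactor attempt) and ignores the routine SendEmail call.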

Conclusion

As AWS continues to introduce new permissions and expand its services, managing cloud security becomes increasingly complex. This month’s updates highlight how even seemingly routine permissions—like email list management, infrastructure refactoring, and security control removal—can introduce risks if left unchecked. Without proper oversight, organizations face potential data leaks, security control bypasses, and unauthorized infrastructure changes that could go unnoticed.

Sonrai Security addresses these challenges with our Cloud Permissions Firewall, enabling security teams to automate the detection, restriction, and monitoring of sensitive permissions across AWS environments. By continuously enforcing least privilege and providing real-time visibility into evolving permission risks, we help organizations stay ahead of threats without disrupting operations.
