Evaluating privilege escalation risk of people and non-people identities across multiple Amazon Web Services (AWS) organizations, containing hundreds of AWS accounts is challenging. Unauthorized access to data and systems by elevating the privileges associated with their account - whether on purpose or by accident creates a hidden danger. Service control policies, permission boundaries, allow/deny statements, notPrincipal, notAction, resource statements, conditions, assumed roles, group membership, and SSO users with multiple roles and resource policies (S3, KMS, etc.) make understanding all effective permission of an individual identity a problem that cannot be solved by evaluating a single policy or calling an AWS API. Take a look at our eBook as we take a deep dive into evaluating privilege escalation risk and solve some of the common issues.
Download our FREE eBook on Evaluating Privilege Escalation Risk to Learn:
Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.