Evaluating the privilege escalation risk of people and non-people identities across multiple Amazon Web Services (AWS) organizations containing hundreds of AWS accounts is challenging. An identity that elevates the privileges associated with its account, whether on purpose or by accident, can gain unauthorized access to data and systems, which creates a hidden danger. Service control policies, permission boundaries, allow/deny statements, NotPrincipal, NotAction, resource statements, conditions, assumed roles, group membership, SSO users with multiple roles, and resource policies (S3, KMS, etc.) make understanding all the effective permissions of an individual identity a problem that cannot be solved by evaluating a single policy or calling an AWS API. Take a look at our eBook as we take a deep dive into evaluating privilege escalation risk and solve some of the common issues.
Download our FREE eBook on Evaluating Privilege Escalation Risk to Learn:
- The Dangers of Privilege Escalation Risk in AWS
- Common Data Breach Patterns For Keys and Secrets Management and How To Spot Them
- How To Detect Privilege Escalations and Prevent Them From Happening in AWS
