Friday, January 13, 2023

To NotResource or To Not NotResource In an AWS IAM Policy | by Teri Radichel | Cloud Security | Jan, 2023


ACM.131 Prevent our IAM Users from altering their own role, policies, and group deployed by the ROOT CloudFormation stacks

Statement:
  - Effect: Allow
    Action: 'iam:*'
    Resource: '*'

Statement:
  - Effect: Allow
    Action: 'iam:*'
    NotResource: '*IamAdmin*'
  1. Add the appropriate output to the stack.
  2. Make sure the output resource name matches the policy name for policies.
  3. Add the output to the CloudFormation template that creates the IAM Admin Role policy and redeploy it.
aws iam list-policies | grep IAMAdmin
aws iam list-roles | grep IAMAdmin
aws iam list-groups | grep IAMAdmin
aws iam list-policies --profile IAM | grep IAMAdmin
aws iam list-roles --profile IAM | grep IAMAdmin
aws iam list-groups --profile IAM | grep IAMAdmin
  • Creating a new role, creating a compute resource, assigning the role, and running commands from that compute resource that the IAM user should not be able to run.
  • Creating a new user, assigning a policy, and changing the password to operate as that user.
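The two statements above and the escalation tests listed in the bullets can be checked offline with a small policy evaluator. The block below is an added example and is not code from the original post; it applies the documented IAM evaluation order for identity-based policies (an explicit Deny wins over any Allow, and a request with no matching Allow is implicitly denied) and runs the post's Allow-all and Allow-with-NotResource statements against the escalation paths from the bullets. It also adds a third, constructed policy for comparison: the broad Allow plus an explicit Deny on the IamAdmin resources. Two caveats it makes visible: an Allow with NotResource grants every ARN not listed, including resources that do not exist yet, and it is cancelled by any other Allow attached to the same principal, whereas an explicit Deny is not. The account id, ARNs, request list and the assumption that ARN patterns match case-sensitively (so the `IAMAdmin` spelling in the grep commands and the `IamAdmin` spelling in the NotResource pattern are different names) are all constructed for this example.

```python
"""Added example (not from the original post): a minimal evaluator for the
Resource/NotResource question, run against the post's two statements and
the escalation paths from the bullets above.

Evaluation order follows IAM for identity-based policies: an explicit Deny
is final, otherwise one matching Allow is enough, otherwise implicit deny.
Action wildcards are matched case-insensitively; ARNs are matched
case-sensitively (assumption, see statement_applies). Account id, ARNs and
the explicit-Deny policy are constructed for this example.
"""
from fnmatch import fnmatchcase

ACCOUNT = "123456789012"  # constructed sample account id


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/NotResource."""
    return value if isinstance(value, list) else [value]


def _any_match(subject, patterns, case_sensitive):
    """Wildcard match of one string against a list of IAM-style patterns."""
    if not case_sensitive:
        subject, patterns = subject.lower(), [p.lower() for p in patterns]
    return any(fnmatchcase(subject, p) for p in patterns)


def statement_applies(stmt, action, resource):
    """True if this statement covers the (action, resource) request.

    Assumption: ARN matching is case-sensitive, so 'IamAdmin' and 'IAMAdmin'
    are different names to the NotResource pattern.
    """
    if not _any_match(action, _as_list(stmt["Action"]), case_sensitive=False):
        return False
    if "Resource" in stmt:
        return _any_match(resource, _as_list(stmt["Resource"]), case_sensitive=True)
    # NotResource: the statement covers every ARN that does NOT match the
    # list, including resources that do not exist yet.
    return not _any_match(resource, _as_list(stmt["NotResource"]), case_sensitive=True)


def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request across all
    attached policies (explicit Deny is final; Allow needs one match)."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if statement_applies(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


# The two statements from the post, as complete policy documents.
ALLOW_ALL = {"Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
ALLOW_EXCEPT_ADMIN = {"Statement": [
    {"Effect": "Allow", "Action": "iam:*", "NotResource": "*IamAdmin*"}]}

# Constructed alternative for comparison (not from the post): keep the broad
# Allow and add an explicit Deny on the IamAdmin resources.
ALLOW_ALL_DENY_ADMIN = {"Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*IamAdmin*"}]}

# Constructed ARNs for the resources deployed by the ROOT stacks, plus a user
# the IAM user might try to create.
ADMIN_ROLE = f"arn:aws:iam::{ACCOUNT}:role/IamAdminRole"
ADMIN_POLICY = f"arn:aws:iam::{ACCOUNT}:policy/IamAdminPolicy"
ADMIN_GROUP = f"arn:aws:iam::{ACCOUNT}:group/IamAdminGroup"
NEW_USER = f"arn:aws:iam::{ACCOUNT}:user/attacker-created-user"

# The escalation paths from the bullets above as (action, resource) requests.
ESCALATION_REQUESTS = {
    "attach policy to admin role": ("iam:AttachRolePolicy", ADMIN_ROLE),
    "edit admin policy": ("iam:CreatePolicyVersion", ADMIN_POLICY),
    "join admin group": ("iam:AddUserToGroup", ADMIN_GROUP),
    "create new user": ("iam:CreateUser", NEW_USER),
    "attach policy to new user": ("iam:AttachUserPolicy", NEW_USER),
}


def escalation_report(policies):
    """Map each escalation request to its decision under the given policies."""
    return {name: evaluate(policies, action, arn)
            for name, (action, arn) in ESCALATION_REQUESTS.items()}


if __name__ == "__main__":
    cases = [
        ("Allow all", [ALLOW_ALL]),
        ("Allow with NotResource", [ALLOW_EXCEPT_ADMIN]),
        ("NotResource + a second broad Allow", [ALLOW_EXCEPT_ADMIN, ALLOW_ALL]),
        ("Allow all + explicit Deny", [ALLOW_ALL_DENY_ADMIN]),
        ("explicit Deny + a second broad Allow", [ALLOW_ALL_DENY_ADMIN, ALLOW_ALL]),
    ]
    for label, pols in cases:
        print(label)
        for name, decision in escalation_report(pols).items():
            print(f"  {name:28} {decision}")
```

Running it shows that the NotResource statement implicitly denies changes to the IamAdmin role, policy and group but still allows the second bullet's path (create a new user and attach a policy to it), that a second broad Allow attached via another policy or group re-opens the IamAdmin resources under NotResource but not under the explicit Deny, and that an ARN spelled `IAMAdmin` is not excluded by the `*IamAdmin*` pattern under case-sensitive matching.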
Medium: Teri Radichel
Email List: Teri Radichel
Twitter: @teriradichel
Twitter (company): @2ndSightLab
Mastodon: @teriradichel@infosec.exchange
Post: @teriradichel
Facebook: 2nd Sight Lab
Slideshare: Presentations by Teri Radichel
Speakerdeck: Presentations by Teri Radichel
Books: Teri Radichel on Amazon
Recognition: SANS Difference Makers Award, AWS Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
How I got into security: Woman in tech
Buy me a coffee: Teri Radichel
Company (Penetration Tests, Assessments, Training): 2nd Sight Lab
Request services via LinkedIn: Teri Radichel or IANS Research