Evaluating Privilege Escalation Risk in Amazon Web Services Description

Evaluating privilege escalation risk of people and non-people identities across multiple Amazon Web Services (AWS) organizations, containing hundreds of AWS accounts is challenging. Unauthorized access to data and systems by elevating the privileges associated with their account – whether on purpose or by accident creates a hidden danger. Service control policies, permission boundaries, allow/deny statements, notPrincipal, notAction, resource statements, conditions, assumed roles, group membership, and SSO users with multiple roles and resource policies (S3, KMS, etc.) make understanding all effective permission of an individual identity a problem that cannot be solved by evaluating a single policy or calling an AWS API.

 

If your Download does not start Automatically, Click Download Whitepaper