Ensure no Customer Managed IAM policies allow actions that may lead to Privilege Escalation
Risk
Users who hold certain IAM permissions can elevate their own privileges, up to administrator rights.
Run this check with Prowler CLI
prowler aws --checks iam_policy_allows_privilege_escalation
ARN template
arn:partition:service:region:account-id:resource-id
Recommendation
Grant usage permission on a per-resource basis and apply the principle of least privilege.
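A way to see what this check is looking for, as an added example that is not Prowler's own code: the function below evaluates a customer managed policy document against a small, assumed subset of publicly documented escalation paths. The path list, the function names and both sample policies are constructed for illustration, and the sketch ignores NotAction as well as Resource and Condition on Allow statements.

```python
import fnmatch

# Assumed, partial list of publicly documented escalation paths. Each value is
# the set of actions a principal needs together; this is not Prowler's list.
ESCALATION_PATHS = {
    "AttachUserPolicy": {"iam:AttachUserPolicy"},
    "CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "PutUserPolicy": {"iam:PutUserPolicy"},
    "PassRole+Lambda": {"iam:PassRole", "lambda:CreateFunction",
                        "lambda:InvokeFunction"},
}

def _as_list(value):
    # IAM accepts a single item or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _patterns(policy, effect):
    """Collect lower-cased Action patterns from statements with this Effect."""
    out = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != effect:
            continue
        # A Deny only cancels an Allow here if it is unconditional and covers
        # every resource; a narrower Deny is ignored so nothing is under-reported.
        if effect == "Deny" and (stmt.get("Condition")
                                 or "*" not in _as_list(stmt.get("Resource"))):
            continue
        out += [a.lower() for a in _as_list(stmt.get("Action"))]
    return out

def _granted(action, allowed, denied):
    hit = lambda pats: any(fnmatch.fnmatchcase(action.lower(), p) for p in pats)
    return hit(allowed) and not hit(denied)

def find_escalation_paths(policy):
    """Return the names of escalation paths the policy document fully grants."""
    allowed, denied = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    return sorted(name for name, actions in ESCALATION_PATHS.items()
                  if all(_granted(a, allowed, denied) for a in actions))

# Constructed sample policies: a wildcard grant next to a per-resource grant.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:*Policy*", "s3:GetObject"], "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}}
```

Calling `find_escalation_paths(BROAD)` reports three paths opened by the single wildcard `iam:*Policy*`, while `find_escalation_paths(SCOPED)` returns an empty list.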
Remediation
Other
CAF Security Epic: IAM
Resource Type
AwsIamPolicy