
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation

iam_policy_allows_privilege_escalation

Severity: high
Service: iam
by Prowler


Risk

A principal that holds certain IAM permissions can escalate its own privileges, up to full administrator rights.

Run this check with Prowler CLI

prowler aws --checks iam_policy_allows_privilege_escalation


ARN template

arn:partition:service:region:account-id:resource-id

Remediation

WUI

Grant usage permissions on a per-resource basis and apply the principle of least privilege.
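As an added example (not Prowler's own code), a minimal scan in the spirit of this check: it expands the Action wildcards of a policy document and reports which escalation-capable IAM actions an Allow statement reaches, then contrasts a broad policy with a least-privilege one. The action list, the sample policies and the function names are assumptions for illustration, not Prowler's detection logic.

```python
import fnmatch
import json

# Assumption (not Prowler's list): an illustrative subset of IAM actions that are
# widely documented as able to grant a principal more rights than it already holds.
ESCALATION_ACTIONS = {
    "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy",
    "iam:AttachRolePolicy",
    "iam:PutUserPolicy",
    "iam:PutRolePolicy",
    "iam:CreateAccessKey",
    "iam:UpdateAssumeRolePolicy",
}


def _as_list(value):
    """IAM allows Statement and Action to be a single value or a list."""
    return value if isinstance(value, list) else [value]


def escalation_findings(policy_document):
    """Return the escalation-capable actions reached by the policy's Allow statements.

    Expands IAM wildcards ('*', 'iam:*', 'iam:Put*') with case-insensitive matching.
    Deny statements, NotAction and Condition are deliberately not modelled: this is
    a conservative scan that flags whatever an Allow statement can reach.
    """
    found = set()
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in _as_list(stmt["Action"]):
            pat = pattern.lower()
            for action in ESCALATION_ACTIONS:
                if fnmatch.fnmatchcase(action.lower(), pat):
                    found.add(action)
    return found


# Constructed sample: a customer managed policy that allows every IAM write.
RISKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}]
}""")

# Constructed sample: the same workload scoped to the one action and resource it needs.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-bucket/*"}]
}""")
```

Running `escalation_findings` over both documents shows the broad policy reaching every listed action while the scoped policy reaches none.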


Resource Type

AwsIamPolicy