IAM misconfigurations

IAM User with Administrative Privileges

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks
  • Orca Best Practices

About AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) is a service that lets you manage and secure access to your AWS resources. IAM ensures that a user is authenticated (signed into AWS) and authorized (has required access permissions) before granting access.

An IAM user is an entity that a person or an application uses to interact with AWS resources. By default, a newly created IAM user has no privileges whatsoever. Neither will they have the authorization to perform any operation, nor the permissions to access any AWS resource.

AWS IAM makes it easy to assign permissions based on user roles. For example, a system architect may have permission to access all the resources in your environment, whereas an external consultant may only have access to a specific EC2 instance.

You can also give an IAM user admin privileges, which essentially allows them to do anything in the AWS environment. They can access, modify or delete resources, read and edit any data, and even provision or delete other users.

Cloud Risk Description

An IAM user may have administrator privileges, allowing them to freely perform any operation, or access any resource, in an AWS environment. The principle of least privilege dictates that no entity should have more than the bare-minimum level of permissions required to do their job. So, instead of granting admin privileges, an IAM user should only be granted the permissions they absolutely need to perform their duties.

How Does Orca Help?

Orca detects and prioritizes identity and access management misconfigurations such as overly permissive identities. Continuous IAM monitoring across your cloud estate prevents malicious and accidental exposure. In this specific case, Orca helps by looking for “IAM Users with Admin Privileges” and will alert on this type of issue as shown in the screenshot above.

Orca

Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.