IAM misconfigurations

Internet-Facing Ec2 Instance Has Full Access to EC2

Risk Level

Imminent Compromised (2)

Platform(s)
Compliance Frameworks

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full access to your EC2 resources. Instance Profiles with the AmazonEC2FullAccess policy attached grant unrestricted access (Action: 'ec2:*') to EC2 resources on the account (Resource: '*'). In the event that the asset is compromised, this will grant the attacker full access to your EC2 resources, any data stored on them, and possible lateral movement which may lead to full account compromise.

  • Recommended Mitigation

    Detach the 'AmazonEC2FullAccess' policy from the instance's Instance Profile ({AwsEc2Instance.InstanceProfile}). When writing policies, make sure to adhere to the 'Least Privilege' principal, as described here: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.