IAM misconfigurations

Internet Facing EC2 Instance with Administrator Privileges

Risk Level

Imminent Compromise (2)

Platform(s)

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full administrative privileges to your account. An Instance Profile with full administrative privileges attached grants unrestricted access (Action: '*') to any resource in the account (Resource: '*'). If the asset is compromised, this can lead to full account takeover.

Recommended Mitigation

Detach policies containing full administrative privileges from the instance's Instance Profile ({AwsEc2Instance.InstanceProfile}). When writing policies, adhere to the 'Least Privilege' principle, as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
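
An added example, not part of the original rule text or any vendor's detection logic: a Python check that flags policy documents matching the condition in the description (an Allow statement with Action '*' on Resource '*'), so the policies to detach from the Instance Profile's role can be listed. The function names and the sample policies are constructed for illustration; policy names other than AdministratorAccess are hypothetical.

```python
import json


def _as_list(value):
    """IAM accepts either a single string or a list for Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def admin_statements(policy_document):
    """Return the Allow statements that grant Action '*' on Resource '*'."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    hits = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":  # Deny '*' on '*' is a guardrail, not a grant
            continue
        # NotAction/NotResource forms are outside the condition this page describes.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(stmt)
    return hits


def policies_to_detach(attached):
    """Given {policy name: policy document}, return the names granting full admin."""
    return sorted(name for name, doc in attached.items() if admin_statements(doc))


# Constructed sample: policies attached to the role behind an instance profile.
SAMPLE_ATTACHED = {
    "AdministratorAccess": '{"Version":"2012-10-17","Statement":'
                           '[{"Effect":"Allow","Action":"*","Resource":"*"}]}',
    "app-read-bucket": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "legacy-wildcard": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}},
    "deny-all-guardrail": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name in policies_to_detach(SAMPLE_ATTACHED):
        print("full administrative privileges:", name)
```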