Description

An IAM Group is a collection of IAM Users. You can use groups to specify permissions for a collection of users. The group {AwsIamGroup} was found with permissive permissions that allows the user the ability to pass a role to a service. By passing a role to a service, a user may grant that service the ability to interact with the AWS API with the permissions of that role. By allowing a user to pass any role, an attacker may pass a role with administrative privileges to a service they control, such as an EC2 Instance or Lambda Function, and act through this service with escalated permissions.