IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight
a year ago
- #IAM
- #Security
- #AWS
- IAM role trust policies in AWS can lead to critical privilege escalation risks if misconfigured.
- AWS's documentation on trust policies is confusing and fragmented, making them easy to misconfigure.
- IAM roles carry two kinds of policy: a trust policy (who can assume the role, and under what conditions) and one or more permission policies (what the role session can do once it has been assumed).
- A trust policy is built from the same elements as any other policy (Principal, Action, Condition), with the action being an STS assume-role call such as sts:AssumeRole, yet trust policies are far less well understood than permission policies.
- AWS has no dedicated documentation page for trust policies; the same object is variously called a trust policy, a trust relationship (in the console), or an assume-role policy document (in the API), and that inconsistent terminology contributes to the confusion.
- Two common misconfigurations: trusting every principal in the same AWS account, and misreading multiple principals in one statement as a logical AND when they are evaluated as OR.
- Trusting the account itself (the principal arn:aws:iam::111122223333:root, or the bare account ID) delegates the decision to the account: any IAM user or role in it whose own identity-based policy allows sts:AssumeRole on the role can assume it. The role's reach is then bounded by every other policy in the account rather than by its trust policy, which is a privilege escalation path for any identity that can obtain sts:AssumeRole.
- Listing several principals in one trust policy statement means any one of them can assume the role (logical OR); it does not require all of them. Reading the list as AND leads to access being granted to identities that were never meant to have it.
- IAM Access Analyzer flags neither of these, because its external-access findings only report principals outside the account's zone of trust; a same-account trust sits inside that zone, so the risk goes unreported.
- Upcoming posts will cover cross-account trust mistakes and other IAM role security issues.
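The two misconfigurations above are easy to catch mechanically. The following linter is an added example written for this page, not code from the original post or from AWS: it flattens the Principal element of each Allow statement, flags account-wide principals (account root ARN, bare account ID, or "*") that have no Condition, and reports every multi-principal statement as a set of alternatives so the OR semantics are explicit. The two policies, the account ID 111122223333 and the role name DeployRole are constructed placeholders.

```python
"""Lint an IAM role trust policy for same-account-wide trust and OR'd principals.

Added example for this page; the policies and account IDs below are constructed.
"""
import json

# Actions that let a principal take on the role; any of these makes the
# statement a trust grant worth inspecting.
STS_ASSUME_ACTIONS = {
    "sts:AssumeRole", "sts:AssumeRoleWithSAML",
    "sts:AssumeRoleWithWebIdentity", "sts:TagSession", "sts:*",
}


def _as_list(value):
    """Policy elements may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principals(statement):
    """Flatten the Principal element into (type, value) pairs.

    Every pair is an alternative: a statement listing several principals
    lets ANY ONE of them assume the role (logical OR), never all of them.
    """
    principal = statement.get("Principal")
    if principal == "*":
        return [("AWS", "*")]
    out = []
    for ptype, values in (principal or {}).items():
        for value in _as_list(values):
            out.append((ptype, value))
    return out


def is_account_wide(ptype, value):
    """True for principals that delegate to a whole account (or to everyone).

    'arn:aws:iam::111122223333:root' and the bare '111122223333' mean the
    same thing: any identity in that account whose identity-based policy
    allows sts:AssumeRole on this role may assume it.
    """
    if ptype != "AWS":
        return False
    if value == "*":
        return True
    if value.isdigit() and len(value) == 12:
        return True
    return value.startswith("arn:aws:iam::") and value.endswith(":root")


def lint_trust_policy(policy):
    """Return a list of findings (strings) for a trust policy dict."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if not set(_as_list(st.get("Action"))) & STS_ASSUME_ACTIONS:
            continue
        ps = principals(st)
        # A Condition on an account-wide principal may scope it down (e.g. by
        # aws:PrincipalArn); this linter does not judge how strong it is.
        has_condition = bool(st.get("Condition"))
        for ptype, value in ps:
            if is_account_wide(ptype, value) and not has_condition:
                findings.append(
                    f"statement {i}: account-wide principal {value} with no Condition")
        if len(ps) > 1:
            names = ", ".join(v for _, v in ps)
            findings.append(
                f"statement {i}: {len(ps)} principals are alternatives (OR): {names}")
    return findings


# Constructed weak policy: trusts the whole account AND lists a second
# principal that many readers assume is required in addition to the first.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": [
            "arn:aws:iam::111122223333:root",
            "arn:aws:iam::111122223333:role/DeployRole",
        ]},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed corrected policy: names the one role that should assume it.
FIXED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/DeployRole"},
        "Action": "sts:AssumeRole",
    }],
}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST_POLICY), ("fixed", FIXED_TRUST_POLICY)):
        print(name, json.dumps(lint_trust_policy(policy), indent=2))
```

To run it against a live role, feed the output of `aws iam get-role` (the AssumeRolePolicyDocument field) through json.loads and pass the dict to lint_trust_policy. The multi-principal finding is informational: several principals in one statement are legitimate when each of them should be able to assume the role, but the report makes the OR explicit so the reviewer decides deliberately.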