AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
May 21st, 2025
Severity Level: High
Technical Details
The vulnerable IAM roles are automatically provisioned when setting up AWS services or frameworks. Key technical issues include:
Overly Permissive Policies:
Default roles such as AmazonSageMaker-ExecutionRole, AWSGlueServiceRole, and AmazonEMRStudio_RuntimeRole are granted AmazonS3FullAccess, allowing read/write operations across all S3 buckets within the account.
Role Abuse Vectors:
Attackers can enumerate and access existing S3 buckets by exploiting naming conventions.
Compromised roles allow for the modification of infrastructure-as-code resources, such as CloudFormation templates and EMR scripts.
Arbitrary code execution is possible through malicious machine learning models (e.g., uploaded to Hugging Face and imported into SageMaker).
Open-source Risk:
The Ray framework also includes a default IAM role with S3FullAccess, exposing similar attack surfaces.
These IAM configurations create significant security liabilities by inadvertently authorizing lateral movement between services and facilitating a complete compromise of the AWS account. Additionally, the adverse risk of an insider threat is greatly increased by overly permissive accounts. The best practice is to implement least-privilege access to all critical resources.
Our Cyber Threat Intelligence Unit has identified significant security risks associated with the default Identity and Access Management (IAM) roles generated by various Amazon Web Services (AWS) offerings, including SageMaker, Glue, EMR, and Lightsail. These roles, often created automatically or through recommendation during setup, have overly permissive policies, most notably AmazonS3FullAccess. Excessive permissions like AmazonS3FullAccess provide hidden pathways for attackers to escalate privileges, compromise AWS services, and in some instances, take over entire AWS accounts.
A similar vulnerability was identified in the open-source Ray framework, which assigns the AmazonS3FullAccess policy to its default IAM role (ray-autoscaler-v1). AWS has since modified the default service roles to restrict the AmazonS3FullAccess policy.
Impact
If exploited, these insecure IAM roles can allow attackers to:
Escalate privileges beyond their initial foothold.
Gain unauthorized access to critical AWS services and S3 data.
Modify or backdoor service configurations and scripts.
Compromise the integrity of cloud workloads and storage.
Gain complete control of an AWS account.
These threats extend beyond basic S3 bucket enumeration and encompass complete multi-service compromise scenarios.
Detection Method
Organizations can detect the presence of insecure IAM roles through:
IAM Role Audit: Identify roles with AmazonS3FullAccess or equivalent custom policies.
Service Role Enumeration: List and analyze roles created by SageMaker, Glue, EMR, and Lightsail, as well as roles associated with third-party tools such as Ray.
CloudTrail Monitoring: Use AWS CloudTrail to detect suspicious access patterns or privilege escalations originating from default roles.
Policy Analyzer Tools: Employ AWS IAM Access Analyzer or third-party tools to audit and simulate role behaviour.
Indicators of Compromise
There are no Indicators of Compromise (IOCs) for this Advisory
Recommendations
To mitigate these risks, organizations should:
Restrict Default Role Permissions: Modify or replace default IAM roles to include only the minimum required permissions, adhering to the principle of least privilege.
Audit Roles: Perform regular audits of IAM roles to identify overly permissive policies.
Implement Service Control Policies (SCPs): Use SCPs within AWS Organizations to restrict actions across accounts and enforce policy boundaries.
Monitor for Misuse: Utilize logging and monitoring solutions to identify abnormal behavior associated with IAM roles.
Update Third-Party Tools: Review and update frameworks, such as Ray, to ensure secure default configurations are in place.
Conclusion
Default IAM roles in AWS services and third-party frameworks have been observed to grant excessive permissions, which can facilitate privilege escalation and account compromise. This flaw affects all versions of the utility up to 2.0.10 and has been addressed in version 2.0.11 , released on January 30, 2025. Organizations should avoid relying on default IAM configurations and instead enforce the principle of least privilege through proactive audits, custom policies, and ongoing monitoring. Although AWS has made initial efforts to address some of these issues, users must take further steps to implement additional safeguards and secure their cloud environments.