Privilege Escalation
Ways to elevate privileges in AWS
- IAM managed policies can have up to 5 different versions at one time.
- The action iam:SetDefaultPolicyVersion can allow you to select a different version of the policy, ideally one that has more privileges.

This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.
```bash
# view available versions of a policy
aws iam list-policy-versions --policy-arn <policyArn>
# view the policy document for a particular version
aws iam get-policy-version --policy-arn <policyArn> --version-id <versionId>
# make a specific version the default (active) version of the policy
aws iam set-default-policy-version --policy-arn <policyArn> --version-id <versionId>
```
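For auditing this from the defender's side, the sketch below (an added example, not part of the original page) flags non-default versions of a managed policy that allow actions the current default version does not. The function names and the input shape are assumptions: each entry merges the VersionId and IsDefaultVersion fields from list-policy-versions with the Document from get-policy-version. It compares Allow action patterns only and ignores Resource, Condition, NotAction and Deny.

```python
import fnmatch

def allowed_actions(document):
    """Lower-cased Action patterns from the Allow statements of a policy document."""
    statements = document.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        actions.update(a.lower() for a in ([acts] if isinstance(acts, str) else acts))
    return actions

def dormant_escalations(versions):
    """Map each non-default VersionId to the Allow actions the default version lacks."""
    default = next(v for v in versions if v["IsDefaultVersion"])
    base = allowed_actions(default["Document"])
    findings = {}
    for v in versions:
        if v["IsDefaultVersion"]:
            continue
        # An action counts as new if no pattern in the default version covers it.
        extra = sorted(a for a in allowed_actions(v["Document"])
                       if not any(fnmatch.fnmatchcase(a, p) for p in base))
        if extra:
            findings[v["VersionId"]] = extra
    return findings

# Constructed sample: v1 is an old admin-level version left behind, v3 is the default.
SAMPLE_VERSIONS = [
    {"VersionId": "v1", "IsDefaultVersion": False, "Document": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"VersionId": "v2", "IsDefaultVersion": False, "Document": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}},
    {"VersionId": "v3", "IsDefaultVersion": True, "Document": {"Statement": {
        "Effect": "Allow", "Action": ["s3:Get*", "s3:ListBucket"], "Resource": "*"}}},
]

if __name__ == "__main__":
    for version_id, actions in dormant_escalations(SAMPLE_VERSIONS).items():
        print(f"{version_id} would add: {', '.join(actions)}")
```

Versions flagged this way are candidates for removal with aws iam delete-policy-version, and any principal allowed iam:SetDefaultPolicyVersion on such a policy deserves review.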