H3-2024-0045
AWS Privilege Escalation via iam:PassRole and ec2:RunInstances
| Category | CREDENTIALS |
| Base Score | 5.0 |
Description
An AWS user or role in your AWS account can pass another role in your account to a new EC2 instance using an existing instance profile.
Impact
This allows the original user or role to abuse permissions assigned to the passed role. Depending on the permissions assigned, this could have critical implications.
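A static check for the permission combination described above, added here as an example that is not part of the original advisory: given the policy documents attached to one principal, it reports whether they allow both iam:PassRole and ec2:RunInstances, and which role ARNs can be passed. It is a simplification that ignores Deny statements, NotAction, Condition blocks and permission boundaries; the function name check_principal and the sample policies are constructed for illustration.

```python
import fnmatch

NEEDED = ("iam:PassRole", "ec2:RunInstances")

def _as_list(value):
    """IAM accepts either a single string/object or a list in these fields."""
    return value if isinstance(value, list) else [value]

def _allows(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (case-insensitive, * and ?)."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt:
        return False  # Deny and NotAction statements are not evaluated in this check
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(stmt["Action"]))

def check_principal(policies):
    """Return a finding dict if the combined policies allow both actions, else None."""
    resources = {action: set() for action in NEEDED}
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            for action in NEEDED:
                if _allows(stmt, action):
                    # A statement without Resource is reported as "*" to stay conservative.
                    resources[action].update(_as_list(stmt.get("Resource", "*")))
    if not all(resources[a] for a in NEEDED):
        return None
    passable = sorted(resources["iam:PassRole"])
    return {"passable_roles": passable,
            "wildcard_passrole": any("*" in r for r in passable)}

# Constructed sample policies (not taken from any real account).
RISKY = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:RunInstances", "ec2:Describe*"], "Resource": "*"}]},
    {"Version": "2012-10-17", "Statement":  # single statement object, not a list
        {"Effect": "Allow", "Action": "iam:Pass*", "Resource": "*"}},
]
SCOPED = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/app-logs-writer"}]}]
NO_PASSROLE = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"}]}]

if __name__ == "__main__":
    for name, pols in (("RISKY", RISKY), ("SCOPED", SCOPED), ("NO_PASSROLE", NO_PASSROLE)):
        print(name, check_principal(pols))
```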