https://app.hubspot.com/documents/3422282/view/87999488?accessId=ed0e6f

![image](https://hackmd.io/_uploads/HkhGeUTLA.png)
![image](https://hackmd.io/_uploads/BJP4g868C.png)
![image](https://hackmd.io/_uploads/B1UrlLTL0.png)

# Overly Permissive IAM Resource

Each of the following IAM permissions (or permission combinations), when granted to a low-privileged principal, allows it to escalate:

* `iam:CreatePolicyVersion`: create a new version of a managed policy that is attached to your user, group or role, containing `Effect: Allow`, `Action: *`, `Resource: *`, and mark it as the default version in the same call (`--set-as-default`, which needs only this permission, not `iam:SetDefaultPolicyVersion`). Result: full administrator permissions.
* `iam:SetDefaultPolicyVersion`: switch an attached managed policy back to an older version. Whether this escalates depends on the difference in permissions between the policy versions; an old version that was broader than the current one hands those permissions back.
* `iam:PassRole` and `ec2:RunInstances`: launch an EC2 instance with an instance profile that carries a more privileged role, log in to the instance (SSH key pair or a user-data script) and request that role's temporary credentials from the instance metadata service. You obtain all permissions of the passed role, not just EC2 permissions.
* `iam:CreateLoginProfile`: set a console password for a user that has no console login, then sign in as that user.
* `iam:UpdateLoginProfile`: change the console password of an existing user and sign in as them.
* `iam:AttachUserPolicy`, `iam:AttachGroupPolicy`, or `iam:AttachRolePolicy`: attach a managed policy such as `AdministratorAccess` to a user, group or role you control.
* `iam:PutUserPolicy`, `iam:PutGroupPolicy`, or `iam:PutRolePolicy`: add an inline policy granting whatever permissions you want to a user, group or role you control.
* `iam:AddUserToGroup`: add your own user to a group that has higher privileges.
* `iam:UpdateAssumeRolePolicy`: edit the trust policy of a privileged role so that your principal is allowed to `sts:AssumeRole` it (you still need `sts:AssumeRole` on your side).
* `iam:PassRole`, `lambda:CreateFunction`, and `lambda:InvokeFunction`: create a Lambda function whose execution role is a privileged role and whose code performs the actions you want (or returns the role's credentials), then invoke it.
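The list above is also what a reviewer wants to check a policy document against before it is attached to anyone. The following is an added example, not part of the original note or of any AWS tooling: it walks an IAM policy document (constructed sample policies are embedded below), expands `*`/`?` wildcards in `Action` and `NotAction` the way IAM does (case-insensitive), subtracts explicit `Deny` statements, and reports which of the escalation vectors from the list are fully enabled. Resource and `Condition` scoping are deliberately ignored so the check stays conservative: a hit means "look at this", not "exploitable as-is".

```python
"""Flag IAM privilege-escalation vectors in a policy document (added example)."""
import fnmatch

# Each vector lists every action that must be allowed for it to apply.
# Names are labels chosen for this example; the actions are the real IAM ones.
ESCALATION_VECTORS = {
    "CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "SetDefaultPolicyVersion": {"iam:SetDefaultPolicyVersion"},
    "PassRole+RunInstances": {"iam:PassRole", "ec2:RunInstances"},
    "CreateLoginProfile": {"iam:CreateLoginProfile"},
    "UpdateLoginProfile": {"iam:UpdateLoginProfile"},
    "AttachUserPolicy": {"iam:AttachUserPolicy"},
    "AttachGroupPolicy": {"iam:AttachGroupPolicy"},
    "AttachRolePolicy": {"iam:AttachRolePolicy"},
    "PutUserPolicy": {"iam:PutUserPolicy"},
    "PutGroupPolicy": {"iam:PutGroupPolicy"},
    "PutRolePolicy": {"iam:PutRolePolicy"},
    "AddUserToGroup": {"iam:AddUserToGroup"},
    "UpdateAssumeRolePolicy": {"iam:UpdateAssumeRolePolicy"},
    "PassRole+Lambda": {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
}


def _as_list(value):
    """IAM allows a single string or a list for Action/NotAction/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def effective_actions(policy, candidates):
    """Return the subset of `candidates` the policy allows after applying Deny.

    Resource and Condition scoping is ignored on purpose (conservative check).
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if "NotAction" in stmt:
            # NotAction covers every candidate that is NOT matched by the patterns
            patterns = _as_list(stmt["NotAction"])
            hit = {a for a in candidates if not any(_matches(p, a) for p in patterns)}
        else:
            patterns = _as_list(stmt.get("Action"))
            hit = {a for a in candidates if any(_matches(p, a) for p in patterns)}
        if stmt.get("Effect") == "Allow":
            allowed |= hit
        elif stmt.get("Effect") == "Deny":
            denied |= hit
    return allowed - denied  # an explicit Deny always wins


def find_escalation_vectors(policy):
    """Names of vectors whose required actions are all allowed, sorted."""
    candidates = set().union(*ESCALATION_VECTORS.values())
    have = effective_actions(policy, candidates)
    return sorted(name for name, needed in ESCALATION_VECTORS.items() if needed <= have)


# Constructed sample policies (not taken from any real account).
SAMPLE_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:CreatePolicyVersion", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:CreatePolicyVersion", "Resource": "*"},
    ],
}
SAMPLE_ADMIN = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}
SAMPLE_READONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}],
}
SAMPLE_NOTACTION = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}],
}

if __name__ == "__main__":
    for name, pol in [("scoped", SAMPLE_SCOPED), ("admin", SAMPLE_ADMIN),
                      ("readonly", SAMPLE_READONLY), ("notaction", SAMPLE_NOTACTION)]:
        print(f"{name:10s} -> {find_escalation_vectors(pol)}")
```

`SAMPLE_SCOPED` shows why the Deny pass matters: it grants `iam:CreatePolicyVersion` but also explicitly denies it, so only the `PassRole+RunInstances` combination is reported. `SAMPLE_NOTACTION` is the case that naive `Action`-only scanners miss: `NotAction: iam:*` grants `ec2:RunInstances` and the Lambda actions, but none of the vectors complete because every one of them needs at least one `iam:` action.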