
ec2-009
Last Updated: April 21, 2022
An Amazon Elastic Compute Cloud (EC2) instance with a public IP address is configured with an Identity and Access Management (IAM) role that grants administrative privileges to Simple Storage Service (S3). EC2 instances with public IP addresses are susceptible to compromise by a remote attacker, who could gain control of the instance. An EC2 instance configured with S3 administrative privileges can change S3 ownership permissions and the contents of the bucket without restriction. An attacker who gains control of the publicly exposed EC2 instance would therefore have administrative privileges to S3. Publicly exposed EC2 instances should have restricted IAM roles.
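One way to evaluate this rule offline, as an added example that is not part of the original page or the vendor's product: it flags instances that have both a public IP address and a role policy granting S3 administrative access. The definition of "administrative" used here (an Allow of `*` or `s3:*` on all resources), the sample inventory and the `PROFILE_POLICIES` mapping are assumptions constructed for illustration.

```python
# Assumption: "S3 administrative privileges" means an Allow statement whose
# Action is "*" or "s3:*" and whose Resource covers every bucket.
ADMIN_ACTIONS = {"*", "s3:*"}
ALL_RESOURCES = {"*", "arn:aws:s3:::*"}

def as_list(value):  # IAM permits a single string or a list for these fields
    return value if isinstance(value, list) else [value]

def grants_s3_admin(policy_doc):
    for stmt in as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; NotAction and Condition are not evaluated.
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        resources = set(as_list(stmt.get("Resource", [])))
        if actions & ADMIN_ACTIONS and resources & ALL_RESOURCES:
            return True
    return False

def find_violations(instances, profile_policies):
    """Return IDs of instances that have a public IP and an S3-admin role."""
    flagged = []
    for inst in instances:
        profile = inst.get("IamInstanceProfile", {}).get("Arn")
        if not inst.get("PublicIpAddress") or not profile:
            continue
        if any(grants_s3_admin(doc) for doc in profile_policies.get(profile, [])):
            flagged.append(inst["InstanceId"])
    return flagged

def allow_policy(action, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": resource}]}

# Constructed sample inventory, shaped like EC2 DescribeInstances output.
PROFILE = "arn:aws:iam::111122223333:instance-profile/"
INSTANCES = [
    {"InstanceId": "i-public-admin", "PublicIpAddress": "203.0.113.10",
     "IamInstanceProfile": {"Arn": PROFILE + "s3-admin"}},
    {"InstanceId": "i-private-admin", "IamInstanceProfile": {"Arn": PROFILE + "s3-admin"}},
    {"InstanceId": "i-public-scoped", "PublicIpAddress": "203.0.113.11",
     "IamInstanceProfile": {"Arn": PROFILE + "s3-reader"}},
]
# Hypothetical mapping from instance profile ARN to its role's policy documents.
PROFILE_POLICIES = {
    PROFILE + "s3-admin": [allow_policy("S3:*", "*")],
    PROFILE + "s3-reader": [allow_policy(["s3:GetObject"], "arn:aws:s3:::app-assets/*")],
}
print(find_violations(INSTANCES, PROFILE_POLICIES))
```

Only the instance that is both publicly addressed and attached to the S3-admin profile is reported; the private instance with the same role and the public instance with a bucket-scoped read policy are not.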