Identify and remediate public cloud compliance misconfigurations, mitigate security threats and control your expenses from one simple, easy to use platform.
April 21, 2022
An Identity Access and Management (IAM) user, group, or role can create new IAM policy versions. An IAM user account with this privilege that is compromised by a malicious actor could execute a privilege escalation and full account takeover by granting all privileges on all resources and setting this new policy as default. The iam:CreatePolicyVersion grants permission to set the new version as default thus making it instantly effective. Remove iam:CreatePolicyVersion from the IAM group or role.