Security researchers uncovered major flaws in default IAM roles used by AWS services like SageMaker, Glue, EMR, and Ray. These roles often grant excessive permissions such as AmazonS3FullAccess, exposing services to privilege escalation and full account takeover. Designed for ease of setup, these configurations unintentionally create hidden attack paths. These attack paths allow lateral movement and manipulation of other services across AWS environments.
Many AWS services rely on S3 to store important files like templates and scripts with predictable names.
Attackers can use full S3 access to read, write, and manipulate these critical files. In one example, a malicious Hugging Face model was used to deploy code that searched for Glue buckets. The code planted backdoors to steal credentials and enable further exploitation.
Another scenario showed how modifying CloudFormation templates allowed escalation to administrator privileges. Ray, an open-source project, also includes full S3 access in its default role. Compromising a Ray EC2 instance could expose all S3-based services within an account.
Similar risks are present in infrastructure-as-code tools like Terraform and Python libraries that use insecure default roles.
AWS reacted by limiting permissions in default roles for SageMaker, Glue, and EMR and updated documentation. Ray has not addressed these concerns yet. Security teams must audit IAM roles and restrict permissions to only what is necessary. Regular monitoring and avoiding broad access policies are key to securing AWS environments.
