Safeguard
Tag

aws-iam

Safeguard articles tagged "aws-iam" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Cloud Security

AWS IAM: common vulnerabilities and fixes

Rhino Security Labs catalogs 21+ IAM privilege-escalation paths to full admin — most start with one over-scoped policy nobody remembers writing.

Jul 16, 20266 min read
Cloud Security

Common AWS IAM privilege-escalation paths and how to design least privilege

Rhino Security Labs cataloged 21 distinct AWS IAM privilege-escalation methods in 2018 — most still work today, and most are invisible to a manifest scan.

Jul 14, 20266 min read
Cloud Security

A guide to AWS IAM permissions boundaries for delegated administration

AWS IAM lets any principal with iam:CreateRole and iam:AttachRolePolicy hand themselves admin — permissions boundaries are the one native control built to stop it.

Jul 8, 20265 min read
Kubernetes Security

Hardening Amazon EKS With Native AWS Controls

AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.

Jul 8, 20267 min read
Application Security

AWS IAM permissions boundaries best practices

How AWS IAM permissions boundaries cap delegated identities, differ from SCPs, and where teams get privilege escalation wrong.

Jun 20, 20267 min read
Cloud Security

How to rotate AWS IAM access keys

A step-by-step guide to safely rotate AWS IAM access keys with zero downtime, plus how to turn it into a lasting credential rotation policy.

Feb 21, 20267 min read
Cloud Security

Best practices for implementing least-privilege IAM polic...

A practical guide to designing least-privilege IAM policies in AWS: permission boundaries, policy patterns, and habits that keep access tight as teams scale.

Jan 21, 20267 min read
Cloud Security

Using AWS IAM Access Analyzer to find unused and external...

How AWS IAM Access Analyzer surfaces unused permissions and external access risk across your AWS accounts, and where native findings need extra context to prioritize.

Jan 19, 20266 min read
Cloud Security

Common AWS IAM misconfigurations that lead to breaches

Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.

Jan 17, 20268 min read
Cloud Security

AWS IAM policy misconfiguration vulnerability patterns

Wildcard policies, PassRole chains, and trust-policy gaps drive most AWS IAM breaches. Here's how these misconfiguration patterns actually get exploited.

Nov 4, 20257 min read
aws-iam — Safeguard Blog