Guides

Toxic Combination - Blended Rules

1.6: Ensure the Public AWS EC2 instance does not have an IAM Role assigned with all resource access

šŸ“˜ Public EC2 instances with unrestricted IAM roles can be exploited, potentially granting unauthorized access to your AWS resources.

  • Section: Identity and Access Management
  • Severity: Critical
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

1.7: Ensure the Non-Public AWS EC2 instance does not have an IAM Role assigned with all resource access

šŸ“˜ Even non-public EC2 instances shouldn't have unrestricted IAM roles. Privilege escalation can occur if breached.

  • Section: Identity and Access Management
  • Severity: High
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

3.11: Public AWS EC2 with over permissive IAM role and IMDSv1 Enabled

šŸ“˜ Combining IMDSv1 with over permissive IAM roles on public EC2 can amplify risks, from data breaches to malicious resource manipulation.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure, Escalation of Privileges
  • Rule Set: Threat Modeling - Cloud Configuration Check

3.12: Public AWS EC2 with IMDSv1 Enabled

šŸ“˜ IMDSv1 on public EC2 instances lacks certain security features, making them more susceptible to unauthorized resource access or data exfiltration.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure, Escalation of Privileges
  • Rule Set: Threat Modeling - Cloud Configuration Check

3.13: Public AWS EC2 with Over permissive IAM Role

šŸ“˜ Public EC2 instances with excessively broad IAM roles can become key targets, leading to resource misuse or data compromise.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure, Escalation of Privileges
  • Rule Set: Threat Modeling - Cloud Configuration Check

Updated 12 months ago

Whatā€™s Next