loading
Loading content
loading
Also known as identity misconfiguration
Identity and access management (IAM) decides who can do what in a cloud account. An IAM misconfiguration is a policy that grants too much: a wildcard action like iam:*, a role any service can assume, a user with administrator rights for a task that needs read-only access, or a trust policy open to external accounts. These mistakes accumulate as teams move fast and copy permissive examples from documentation.
This matters because identity is the control plane of the cloud. An attacker who lands with a low-privilege key looks for a misconfigured role to assume, then chains permissions until they reach administrator. Overly broad PassRole or policy-editing rights let an attacker rewrite their own access, the cloud equivalent of privilege escalation on a host.
IAM mistakes are a major subset of cloud misconfiguration, and cloud security posture management tools exist largely to catch them. They often combine with a cloud metadata attack, where a server-side request to the instance metadata endpoint steals the credentials an over-permissioned role exposes.
In Trickest you can enumerate roles and policies across accounts in a workflow, flag the dangerous grants, and rerun the check on a schedule to catch drift.
Related terms