Did you know that an AWS IAM user can delete other users, itself, and even the root user? Learn to secure your AWS users with IAM policies and MFA.
AWS IAM Security
Use cases:
Everything is automated, and a script removes the users, roles and policies of employees who have left the company. By mistake it instead removes current employees who have admin rights but have not enabled MFA. Before the user deletion itself, the script still has to remove all of the user's policies, roles, and associated certificates and access keys.
In another case, a user with console access can perform user deletion. This can be done by a threat actor or by the user themselves.
In both cases, restoring policies for affected users can be cumbersome and error-prone.
Solution hints:
A proper AWS Config setup helps to find the related policies.
Enable AWS CloudTrail to trace the events.
Recreate usernames and reassign their policies.
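Use case 1 comes down to two things an offboarding script needs: a hard guard on whom it may delete, and the teardown of everything attached to the user, because IAM refuses DeleteUser while managed or inline policies, group memberships, access keys, signing certificates or MFA devices remain. The following is an added example (not the article's or AWS's code) of that shape in Python. It assumes an object with boto3's IAM client method names and response shapes; `FakeIAM`, `offboard_user`, `sample_account`, and every username, key id and MFA serial are constructed for the example, while the AdministratorAccess and ReadOnlyAccess policy ARNs are the real AWS managed policies.

```python
"""Guarded IAM user offboarding: an added example, not the article's script.

`iam` is expected to behave like a boto3 IAM client (same method names and response
shapes); FakeIAM is a constructed in-memory stand-in so the example runs offline."""

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"  # real AWS managed policy


class FakeIAM:
    """Just enough of the IAM API for the teardown below."""

    class exceptions:
        class NoSuchEntityException(Exception): pass
        class DeleteConflictException(Exception): pass

    def __init__(self, users):
        self.users, self.deleted = users, []   # name -> {"managed": [...], "inline": [...], ...}

    def _u(self, name):
        if name not in self.users:
            raise self.exceptions.NoSuchEntityException(name)
        return self.users[name]

    def list_attached_user_policies(self, UserName): return {"AttachedPolicies": [{"PolicyArn": a} for a in self._u(UserName)["managed"]]}
    def detach_user_policy(self, UserName, PolicyArn): self._u(UserName)["managed"].remove(PolicyArn)
    def list_user_policies(self, UserName): return {"PolicyNames": list(self._u(UserName)["inline"])}
    def delete_user_policy(self, UserName, PolicyName): self._u(UserName)["inline"].remove(PolicyName)
    def list_groups_for_user(self, UserName): return {"Groups": [{"GroupName": g} for g in self._u(UserName)["groups"]]}
    def remove_user_from_group(self, GroupName, UserName): self._u(UserName)["groups"].remove(GroupName)
    def list_access_keys(self, UserName): return {"AccessKeyMetadata": [{"AccessKeyId": k} for k in self._u(UserName)["keys"]]}
    def delete_access_key(self, UserName, AccessKeyId): self._u(UserName)["keys"].remove(AccessKeyId)
    def list_signing_certificates(self, UserName): return {"Certificates": [{"CertificateId": c} for c in self._u(UserName)["certs"]]}
    def delete_signing_certificate(self, UserName, CertificateId): self._u(UserName)["certs"].remove(CertificateId)
    def list_mfa_devices(self, UserName): return {"MFADevices": [{"SerialNumber": s} for s in self._u(UserName)["mfa"]]}
    def deactivate_mfa_device(self, UserName, SerialNumber): self._u(UserName)["mfa"].remove(SerialNumber)

    def delete_login_profile(self, UserName):
        if not self._u(UserName).pop("console", False):
            raise self.exceptions.NoSuchEntityException(UserName)

    def delete_user(self, UserName):   # like real IAM: DeleteConflict while any dependency remains
        u = self._u(UserName)
        if any(u[k] for k in ("managed", "inline", "groups", "keys", "certs", "mfa")):
            raise self.exceptions.DeleteConflictException(UserName)
        del self.users[UserName]
        self.deleted.append(UserName)


def offboard_user(iam, user, departed, protected, apply=False):
    """Plan (apply=False) or perform the dependency teardown IAM requires before DeleteUser.

    Guards against the article's failure mode: only names on the explicit `departed` list are
    touched, `protected` accounts never are, and AdministratorAccess holders go to a human."""
    if user not in departed:
        return {"status": "skipped", "reason": "not on departed list", "actions": []}
    if user in protected:
        return {"status": "skipped", "reason": "protected account", "actions": []}
    managed = [p["PolicyArn"] for p in iam.list_attached_user_policies(UserName=user)["AttachedPolicies"]]
    if ADMIN_POLICY_ARN in managed:
        return {"status": "skipped", "reason": "holds AdministratorAccess; needs manual review", "actions": []}
    # IAM answers DeleteUser with DeleteConflict while any of these remain, so strip them first.
    # (Real accounts also carry SSH public keys and service-specific credentials, and virtual MFA
    # devices need delete_virtual_mfa_device after deactivation; omitted here for brevity.)
    actions = [("detach_user_policy", {"UserName": user, "PolicyArn": a}) for a in managed]
    actions += [("delete_user_policy", {"UserName": user, "PolicyName": n})
                for n in iam.list_user_policies(UserName=user)["PolicyNames"]]
    actions += [("remove_user_from_group", {"GroupName": g["GroupName"], "UserName": user})
                for g in iam.list_groups_for_user(UserName=user)["Groups"]]
    actions += [("delete_access_key", {"UserName": user, "AccessKeyId": k["AccessKeyId"]})
                for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]]
    actions += [("delete_signing_certificate", {"UserName": user, "CertificateId": c["CertificateId"]})
                for c in iam.list_signing_certificates(UserName=user)["Certificates"]]
    actions += [("deactivate_mfa_device", {"UserName": user, "SerialNumber": m["SerialNumber"]})
                for m in iam.list_mfa_devices(UserName=user)["MFADevices"]]
    actions += [("delete_login_profile", {"UserName": user}), ("delete_user", {"UserName": user})]
    if not apply:
        return {"status": "planned", "reason": "dry run", "actions": actions}
    for method, kwargs in actions:
        try:
            getattr(iam, method)(**kwargs)
        except iam.exceptions.NoSuchEntityException:
            if method != "delete_login_profile":   # a user with no console password is fine
                raise
    return {"status": "deleted", "reason": "", "actions": actions}


def _user(**kw):   # a user with nothing attached, overridden per field
    return {"managed": [], "inline": [], "groups": [], "keys": [], "certs": [], "mfa": [], "console": False, **kw}


def sample_account():
    """Constructed account state (every name, key id and MFA serial is made up)."""
    return FakeIAM({
        "alice": _user(managed=["arn:aws:iam::aws:policy/ReadOnlyAccess"], inline=["s3-list"], groups=["devs"],
                       keys=["AKIAEXAMPLEKEY00001"], mfa=["arn:aws:iam::123456789012:mfa/alice"], console=True),
        "bob": _user(managed=[ADMIN_POLICY_ARN], console=True),   # admin with no MFA: the article's case
        "breakglass": _user(managed=[ADMIN_POLICY_ARN], console=True),
        "dave": _user(keys=["AKIAEXAMPLEKEY00002"]),               # API-only user, no console password
    })


if __name__ == "__main__":
    print(offboard_user(sample_account(), "alice", departed={"alice"}, protected={"breakglass"}))
```

With a real account, `boto3.client("iam")` drops in for `sample_account()`. Run with the default `apply=False` first and review the returned action list before applying, and have CloudTrail enabled so every call in that list is recorded against the script's identity.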
Test out user self-deletion
Here we test use case 2: AWS user test001 is deleted by that same user.
⚠️Warning⚠️
If you delete a user, you lose that user along with all of its privileges and its access to the resources assigned to it. This action can't be undone.
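The self-deletion in use case 2 succeeds because nothing in the user's permissions says no, and an explicit IAM Deny always wins over any Allow. Below is an added example (not the article's code) that builds such a guardrail policy in Python: it denies destructive user operations from sessions without MFA, denies a user deleting itself or its own console password, and denies deleting a named set of protected users. The condition key `aws:MultiFactorAuthPresent`, the `${aws:username}` policy variable, the `BoolIfExists` operator and the 6,144-character managed-policy quota are standard IAM; the function names `guardrail_policy`, `compact_json` and `fits_managed_policy_limit` and the usernames are constructed here.

```python
"""Guardrail policy against accidental or hostile IAM user deletion (added example).

Everything in the document is standard IAM policy syntax; Deny statements win over
any Allow, which is what makes this effective against an otherwise-admin user."""
import json

MANAGED_POLICY_LIMIT = 6144   # IAM quota for a managed policy; whitespace is not counted

DESTRUCTIVE_USER_ACTIONS = [
    "iam:DeleteUser", "iam:DeleteLoginProfile", "iam:DeleteAccessKey",
    "iam:DeactivateMFADevice", "iam:DeleteVirtualMFADevice",
    "iam:DetachUserPolicy", "iam:DeleteUserPolicy", "iam:RemoveUserFromGroup",
]


def guardrail_policy(protected_users):
    """Return an IAM policy document (a dict) guarding IAM users against deletion."""
    statements = [
        {   # no destructive user change from a session that did not authenticate with MFA
            "Sid": "DenyUserTeardownWithoutMFA",
            "Effect": "Deny",
            "Action": DESTRUCTIVE_USER_ACTIONS,
            "Resource": "arn:aws:iam::*:user/*",
            # BoolIfExists: the key is absent for long-term access keys, and those are denied too
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
        {   # use case 2: a user may not delete itself or its own console password
            "Sid": "DenySelfDeletion",
            "Effect": "Deny",
            "Action": ["iam:DeleteUser", "iam:DeleteLoginProfile"],
            "Resource": "arn:aws:iam::*:user/${aws:username}",   # IAM policy variable, not an f-string
        },
    ]
    if protected_users:   # IAM rejects an empty Resource list, so omit the statement instead
        statements.append({
            "Sid": "DenyDeletingProtectedUsers",
            "Effect": "Deny",
            "Action": "iam:DeleteUser",
            "Resource": [f"arn:aws:iam::*:user/{u}" for u in sorted(protected_users)],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def compact_json(policy):
    """Serialise without whitespace, which is how IAM measures policy size."""
    return json.dumps(policy, separators=(",", ":"))


def fits_managed_policy_limit(policy):
    return len(compact_json(policy)) <= MANAGED_POLICY_LIMIT


if __name__ == "__main__":
    doc = guardrail_policy(["breakglass", "ci-deployer"])   # constructed usernames
    print(json.dumps(doc, indent=2), fits_managed_policy_limit(doc))
```

Apply the document as a permissions boundary or an SCP rather than as an ordinary attached policy, since an administrator can otherwise detach it first. IAM user policies never apply to the root user, so root has to be protected separately: an SCP in member accounts, plus MFA and strict custody of its credentials.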
For more on this, see https://medium.com/@josephvpeter7/aws-security-secure-users-b69e0befdfd0