
AWS Default IAM Roles Pose Major Security Risks


Cybersecurity researchers from Aqua Security have uncovered critical vulnerabilities in default Identity and Access Management (IAM) roles automatically created by Amazon Web Services (AWS). These default roles—often granted overly permissive access like AmazonS3FullAccess—can be exploited by attackers to escalate privileges, move laterally across services, and even fully compromise AWS accounts.

The affected services include widely used AWS offerings like SageMaker, Glue, EMR, and Lightsail, all of which generate IAM roles by default. Although designed to streamline setup and service integration, these roles inadvertently introduce dangerous attack paths, especially when organizations fail to customize or audit the default permissions.

IAM Misconfigurations Open the Door for Lateral Movement

The issue lies in the broad and unnecessary permissions attached to these default roles. For example, a default SageMaker role named AmazonSageMaker-ExecutionRole-<Date&Time> grants full S3 access. Similarly, Glue’s AWSGlueServiceRole and EMR’s AmazonEMRStudio_RuntimeRole_<Epoch-time> also come bundled with AmazonS3FullAccess—allowing read/write access across every S3 bucket in the account.

This level of access becomes a launchpad for attackers. If a threat actor compromises one of these roles, they can search for buckets, modify CloudFormation templates, EMR scripts, or SageMaker resources, and eventually move laterally within the AWS environment. These actions can go undetected in accounts that rely on predictable S3 bucket naming patterns or default configurations.

Unlike prior bucket monopoly attacks, which required attackers to guess or anticipate bucket names, this threat allows adversaries to scan existing resources directly—no guesswork needed. They can even inject malicious machine learning models into platforms like Hugging Face, which, once imported into SageMaker, could execute arbitrary code and compromise additional services like Glue.

AWS Responds, but Experts Warn Against Default Trust

In response to the findings, AWS has updated its AmazonS3FullAccess policy for these default service roles. However, researchers stress that organizations cannot afford to rely on default IAM configurations.

“Default service roles must be tightly scoped and strictly limited to the specific resources and actions they require,” Aqua’s Yakir Kadkoda and Ofek Itach warned. “Organizations should proactively audit and update existing roles to minimize risk.”

These recommendations align with the principle of least privilege, a security best practice under which a role holds only the permissions it actually needs to perform its intended function, and nothing account-wide.
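As an added example (not code from the Aqua report or this article), the following Python check flags a role policy that grants sensitive S3 actions on every bucket, the way AmazonS3FullAccess does on the default roles described above, and places a least-privilege replacement next to it. Both policy documents and the bucket name `example-ml-data` are constructed here; in practice the document would be the one returned for the role's attached policies.

```python
import fnmatch

# Constructed example of what the AmazonS3FullAccess managed policy grants
# (wildcard S3 actions on every resource), as attached to the default roles.
AMAZON_S3_FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"],
                   "Resource": "*"}],
}

# Constructed least-privilege replacement: one hypothetical bucket, object
# read/write plus listing, nothing account-wide.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-ml-data"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-ml-data/*"},
    ],
}

# Actions that, allowed on every bucket, give the launchpad described above.
SENSITIVE_S3_ACTIONS = ("s3:ListAllMyBuckets", "s3:ListBucket",
                        "s3:GetObject", "s3:PutObject", "s3:DeleteObject")

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def _matched(patterns, action):
    # IAM action matching is case-insensitive and supports '*' and '?'.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def account_wide_s3_actions(policy):
    """Return the sensitive S3 actions the policy allows on all buckets.
    Conservative: Condition blocks are ignored (treated as always true);
    an explicit Deny on all resources is subtracted, since Deny wins in IAM."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        resources = _as_list(stmt.get("Resource", []))
        if not any(r in ("*", "arn:aws:s3:::*") for r in resources):
            continue  # scoped to specific ARNs: not account-wide
        # Action lists what is granted; NotAction grants everything else.
        patterns = _as_list(stmt.get("Action", stmt.get("NotAction", [])))
        hits = {a for a in SENSITIVE_S3_ACTIONS
                if _matched(patterns, a) != ("NotAction" in stmt)}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(hits)
    return allowed - denied
```

A non-empty result for a service role's policies is the audit finding the researchers recommend acting on; the scoped policy returns nothing because every grant is tied to a named bucket ARN.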

In parallel, researchers from Varonis disclosed a separate privilege escalation vulnerability in Azure’s AI and HPC workloads. The issue, found in the AZNFS-mount utility, allows an unprivileged Linux user to escalate to root via a classic SUID binary flaw. If exploited, attackers could mount additional Azure storage containers, install malware or ransomware, or move laterally in hybrid cloud environments.

Microsoft has patched the issue in version 2.0.11, released on January 30, 2025.
