AWS IAM attack paths
What is this lab?
A hands-on AWS environment focused on Identity and Access Management (IAM). You explore how users, groups, roles, policies, and trust relationships combine to create effective permissions—and how misconfiguration can enable privilege escalation and unintended access paths.
What you will learn
- Core IAM concepts: users, groups, roles, policies, and conditions
- Spotting overly permissive policies and risky wildcards
- How trust policies and role assumption create cross-identity paths
- Common privilege escalation patterns and how to reason about mitigation
- Structured review of policy documents and effective permissions
Prerequisites
Tools
- Web browser and access to the AWS console (or lab portal) as provided by CSN
Knowledge
- Basic cloud vocabulary (accounts, regions, resources)
- Willingness to read JSON policy documents carefully
Launch the lab
Open AWS IAM attack paths in CSN Labs →
Getting started
- Start the lab and open the AWS console or portal URL provided.
- Inventory users, groups, roles, and attached policies (managed and inline).
- Before testing escalation, document what each identity can already do.
How to use this lab
- Read policies for actions, resources, and conditions; combine with trust policies for roles.
- Track findings: identity, current access, possible escalation, business impact.
- Relate observations to least privilege and tighter trust boundaries.
Challenge themes
- Recon and mapping — identities, attachments, effective permissions
- Overly permissive policies — wildcards on actions or resources
- Trust and assumption — who can assume which roles and whether that is intended
- Escalation patterns — create/attach/pass role and related dangerous grants
- Remediation — scope reduction, policy splits, trust fixes
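The review steps above (read each policy for actions, resources and conditions; combine role policies with their trust policies; flag wildcards and dangerous grants) can be automated against a policy inventory. The following is an added example, not code from the lab or from CSN: a small offline Python review helper that lints identity-based policy documents for wildcard actions and resources and for permission-altering grants, and builds a "who can assume which role" map from trust policies. The policy and trust documents, the role and user names, and the account id 123456789012 are all constructed placeholders, and the list of permission-altering actions is illustrative rather than exhaustive.

```python
"""Offline IAM policy review helper: flags risky grants in identity-based policies
and maps who can assume which role from trust policies. Added example for the lab
text; the sample documents below are constructed, not taken from a real account."""
import fnmatch
import json

# Illustrative, deliberately short list of IAM actions that let an identity change
# permissions (the lab's "create/attach/pass role" theme). Not exhaustive.
PERMISSION_ALTERING_ACTIONS = {
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:UpdateAssumeRolePolicy", "iam:CreateAccessKey", "iam:PassRole",
}


def _listify(value):
    """IAM accepts either a string or a list in Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Approximate IAM action matching: case-insensitive with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def review_policy(policy_name, doc):
    """Return (policy_name, statement_index, finding, detail) tuples for Allow statements
    that use wildcard actions or resources, or that grant permission-altering actions."""
    findings = []
    for idx, stmt in enumerate(_listify(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _listify(stmt.get("Action"))
        resources = _listify(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((policy_name, idx, "wildcard-action", actions))
        if "*" in resources:
            findings.append((policy_name, idx, "wildcard-resource", resources))
        granted = sorted(d for d in PERMISSION_ALTERING_ACTIONS
                         if any(_matches(a, d) for a in actions))
        if granted:
            findings.append((policy_name, idx, "permission-altering-grant", granted))
    return findings


def assumable_by(trust_doc):
    """Return the principals a role trust policy lets call sts:AssumeRole, as
    'Kind:value' strings; a bare '*' means any principal."""
    principals = []
    for stmt in _listify(trust_doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_matches(a, "sts:AssumeRole") for a in _listify(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals.append("*")
            continue
        for kind, values in principal.items():  # e.g. {"AWS": [...], "Service": [...]}
            principals.extend(f"{kind}:{v}" for v in _listify(values))
    return principals


def trust_findings(role_name, trust_doc):
    """Flag trust policies whose principal is a bare wildcard (anyone may assume the role)."""
    return [(role_name, "wildcard-principal", p) for p in assumable_by(trust_doc)
            if p in ("*", "AWS:*")]


# --- Constructed sample inventory (placeholder account id 123456789012) ---
DEV_READONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::team-bucket", "arn:aws:s3:::team-bucket/*"]}]}

OPS_HELPER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "iam:PassRole"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:Put*Policy",
     "Resource": "arn:aws:iam::123456789012:role/app-*"}]}

DEPLOY_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"},
     "Action": "sts:AssumeRole"}]}

LEGACY_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}


def run_review():
    """Review the constructed inventory: (policy findings, assumption map, trust findings)."""
    policy_findings = (review_policy("dev-readonly", DEV_READONLY)
                       + review_policy("ops-helper", OPS_HELPER))
    roles = {"deploy-role": DEPLOY_TRUST, "legacy-role": LEGACY_TRUST}
    assumption_map = {name: assumable_by(doc) for name, doc in roles.items()}
    trust = [f for name, doc in roles.items() for f in trust_findings(name, doc)]
    return policy_findings, assumption_map, trust


if __name__ == "__main__":
    for block in run_review():
        print(json.dumps(block, indent=2))
```

Each finding carries the policy name and statement index so it can be recorded in the lab's suggested tracking format (identity, current access, possible escalation, business impact) and then mapped to a remediation: narrowing the `Resource`, splitting the wildcard statement into scoped ones, or tightening the trust policy principal. Feeding real documents in would mean fetching them with the IAM read-only APIs first; the matching here is an approximation of IAM's evaluation (it ignores Deny statements, conditions and resource-level scoping), so treat its output as a review queue rather than a verdict.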
Scenarios
Scenario walkthroughs for this lab will be added here over time.
Safety and ethics
Use cloud labs only as authorized. Do not use these techniques against AWS accounts or organizations without explicit permission.