TF 0471 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

IAM Pass Role Filtering

| Property | Value |
|---|---|
| Language | terraform |
| Severity | medium |
| Service | iam |
| Provider | aws |
| Vulnerability Type | omission |

Description

IAM policies allow the 'iam:PassRole' action without restriction, letting users or roles pass any IAM role to an AWS resource. Because the passed role's permissions then apply to that resource, this broad permission can lead to unintended privilege escalation if it is not properly controlled.

Impact

If exploited, users could assign themselves or others higher-privileged roles, potentially gaining unauthorized access to sensitive resources or administrative functions. This can result in compromised accounts, data exposure, or full environment takeover.

Resolution

Resolve the permission escalation by denying 'iam:PassRole', or by restricting it to the specific roles that must be passed rather than allowing it without restriction.
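As an added check (not part of this database entry or its scanner), the following Python function flags IAM policy documents, such as those given to a Terraform aws_iam_policy resource via jsonencode, whose Allow statements grant iam:PassRole on any role with no Condition narrowing it. The two sample policies and the account id in them are constructed for the example.

```python
import fnmatch

# Constructed sample policy documents, as they would appear inside a Terraform
# aws_iam_policy "policy = jsonencode({...})" argument (not from the database).
VULNERABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPassAnyRole",
        "Effect": "Allow",
        "Action": ["ec2:RunInstances", "iam:PassRole"],
        "Resource": "*",
    }],
}

HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPassAppRoleToEc2",
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": "arn:aws:iam::123456789012:role/app-ec2-role",
        "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
    }],
}


def _as_list(value):
    """IAM accepts either a string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_pass_role(action: str) -> bool:
    """IAM action names are case-insensitive and may contain '*' wildcards."""
    return fnmatch.fnmatchcase("iam:passrole", action.lower())


def unrestricted_pass_role(policy: dict) -> list:
    """Return Sids (or positional names) of Allow statements that pass any role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_grants_pass_role(a) for a in _as_list(stmt.get("Action"))):
            continue
        resources = [str(r) for r in _as_list(stmt.get("Resource"))]
        broad = any(r == "*" or r.endswith(":role/*") for r in resources)
        # Simplification: any Condition (e.g. iam:PassedToService) counts as a restriction.
        if broad and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", f"Statement[{i}]"))
    return findings
```

Run it over each policy document in a plan or module; a non-empty result is the finding this entry describes.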