When an IAM user can execute a Privilege Escalation by using PassRole and CreateFunction and lambda:InvokeFunction, it means they can create and invoke a Lambda function with privileges beyond what they should have, potentially leading to unauthorized access or data theft.
The steps to remediate this issue include:
- Restrict the IAM user's permissions to only the necessary actions and resources.
- Review and modify any policies that grant overly permissive privileges to the IAM user.
- Implement least privilege access by using IAM roles to grant only the necessary permissions to the Lambda function.
- Ensure that the IAM user cannot create, modify, or delete any Lambda functions that could be used for privilege escalation.
- Monitor the IAM user's activity for any unusual behavior, and configure CloudTrail logs to alert on any suspicious activity.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.