IAM User with inline Admin access is a situation where an IAM user has been granted the AWS managed AdministratorAccess policy or a custom policy that includes unrestricted * permissions. This gives the user full administrative access to the AWS account, allowing them to create, modify or delete any AWS resource, as well as manage other IAM users and roles. An IAM User with inline Admin access is considered a high-security risk since it can lead to accidental or intentional damage to the AWS environment, data leakage, or exposure of sensitive information.
If an IAM user has inline admin access, it means they have the ability to grant or revoke permissions to themselves or other users. This creates a security risk because it increases the likelihood of privilege escalation, which could lead to unauthorized access to sensitive resources. Here are the remediation steps:
By following these steps, the risk of privilege escalation by an IAM user can be significantly reduced. It is also recommended to review IAM policies and roles on a regular basis to ensure that access is properly managed and all users have the least privilege necessary to perform their job functions.