Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AWS privileged permissions: what cloud IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: July 2025 AWS service updates introduced new privileged permissions across Bedrock AgentCore, SageMaker, Oracle Database@AWS, VPC Lattice, and security tooling, creating fresh paths for privilege escalation, lateral movement, persistence, and defence evasion, according to Sonrai Security. The governance problem is not the new services themselves but the way cloud access boundaries expand faster than review, scope, and control models can keep up.

NHIMG editorial — based on content published by Sonrai Security: July recap of new AWS services and privileged permissions

By the numbers:

Questions worth separating out

Q: What should security teams do when AWS introduces new privileged permissions?

A: They should treat each new permission as a governance change, not a routine feature update.

Q: Why do new cloud service permissions create lateral movement risk?

A: Because lateral movement in cloud environments often comes from configuration rights, not stolen passwords.

Q: How should teams govern AI runtime permissions in AWS?

A: Separate the right to deploy an AI runtime from the right to operate or modify it.

Practitioner guidance

  • Reclassify new AWS actions as privileged by default Review newly introduced service permissions before they reach production roles, with special attention to actions that create runtimes, update gateways, alter policies, or expose presigned access paths.
  • Split deployment rights from runtime control Ensure the identity that can deploy an AI service cannot also silently update the runtime image, execution role, or downstream tool targets without separate approval and logging.
  • Extend PAM to cloud configuration authority Include network association, peering, gateway, and policy modification permissions in privileged access reviews so service topology changes are governed like admin access.

What's in the full article

Sonrai Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Service-by-service permission table for the AWS actions introduced in July, including why each one is privileged
  • MITRE tactic mapping for each permission, useful when you are translating cloud IAM findings into detection and control work
  • Specific examples of how Bedrock AgentCore, SageMaker, and network permissions can be abused in real environments
  • The vendor's remediation framing for organisations trying to keep pace with AWS service expansion

👉 Read Sonrai Security's July recap of new AWS privileged permissions →

AWS privileged permissions: what cloud IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

New cloud permissions are governance events, not just product events. When AWS introduces permissions that can start runtimes, alter gateway targets, or change network policy, the security surface changes before the organisation has re-reviewed roles. That is why cloud identity programmes need to treat every privileged permission release as a review trigger. The practical consequence is that entitlement governance must track service evolution as closely as infrastructure teams do.

A few things that frame the scale:

A question worth separating out:

Q: How do we know if cloud permissions are exceeding intended privilege?

A: Look for permissions that change topology, encryption control, or security findings without a corresponding business need. If a role can alter gateway targets, network controls, or key association settings, it is already operating beyond a narrow service-account model and should be recertified.

👉 Read our full editorial: New AWS privileged permissions are widening cloud access risk



   
ReplyQuote
Share: