Update Inline Policy For User (aws)
Platform | Author | Last Update |
---|---|---|
aws | Nick Jones | 2024-12-02 |
An adversary may attempt to update the inline policy set on an IAM user, in order to alter the permissions assigned to a user they have compromised.
MITRE IDs
Required Permissions
- iam:PutUserPolicy
Required Parameters
Name | Type | Description | Example Value |
---|---|---|---|
user | str | user to add policy to | NONE |
policyname | str | name of new inline policy | ExamplePolicy |
policydocument | str | file of new inline policy to set | file://examplepolicy.json |
Attacker Action
Detection Case
ELK query
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.