A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray.
These roles, often automatically created or recommended during service setup, come with overly permissive policies such as AmazonS3FullAccess.
This broad access, intended to simplify user onboarding, inadvertently creates silent attack paths that enable privilege escalation, cross-service tampering, and even full account compromise.
.png
)
Uncovering Hidden Risks in AWS Default Roles
The research, responsibly disclosed to AWS, prompted swift action to revise default policies and issue updated security guidance.
The core issue lies in the excessive permissions granted by default roles like AWSGlueServiceRole, AmazonSageMaker-ExecutionRole, and AmazonEMRStudio_RuntimeRole, which often include unrestricted S3 access.
With AmazonS3FullAccess, a compromised role can read from and write to every S3 bucket in an account, far beyond its intended scope.
Many AWS services, such as CloudFormation, CDK, and SageMaker, rely on S3 to store critical assets like scripts and templates with predictable naming patterns (e.g., cf-templates-{Hash}-{Region}).
From Limited Access to Full Control
Attackers can exploit this access to enumerate buckets, inject malicious content, and manipulate other services, effectively pivoting across the environment.
In one chilling scenario, a malicious Hugging Face model loaded into SageMaker executed code under a privileged role, scanning for Glue asset buckets and planting backdoors in job scripts to steal credentials.
Another attack path demonstrated how limited Glue access could escalate to admin-level control by modifying CloudFormation templates in staging buckets, capitalizing on deployments often executed with elevated privileges.
Beyond AWS services, the flaw extends to open-source tools like Ray, which hardcodes AmazonS3FullAccess into its default role, ray-autoscaler-v1.
Compromising a Ray EC2 instance could grant attackers a foothold to tamper with S3-dependent services account-wide.
The research highlights a broader trend in infrastructure-as-code (IaC) deployments, where convenience often trumps security, embedding similarly risky permissions in tools like Terraform and Python libraries.
According to the Report, AWS responded decisively to the disclosure, scoping down S3 permissions for SageMaker, Glue, and EMR default roles, updating Lightsail documentation to avoid broad policies, and notifying affected users.
While CDK and other services were deemed to operate as intended, AWS reinforced best practices through enhanced documentation.
However, the Ray project has yet to address similar concerns at the time of reporting.
Organizations must act urgently to mitigate these risks by auditing IAM roles, restricting S3 access to specific buckets, and adhering to the principle of least privilege.
Default configurations, designed for ease, can no longer be trusted as secure.
Regular monitoring and policy refinement are critical to prevent attackers from exploiting these stealthy pathways to compromise entire cloud environments.
This discovery serves as a stark reminder that even well-intentioned defaults can harbor significant threats in complex cloud ecosystems, demanding proactive security measures to safeguard critical infrastructure.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
 offerings.){kind=link}