Amazon Cognito identity pools can be configured to offer guest access. Guest access lets unauthenticated users assume a role in your AWS account to perform various actions. Because any IAM role can be configured for unauthenticated access, guest access introduces the risk that unauthenticated users have more privileges than intended.
The Cognito identity pool that triggered this detection is configured to support guest access for an IAM role that has administrative privileges. This would allow any external attacker to assume the role and gain complete access to the entire AWS account.
Datadog recommends reducing the permissions attached to the guest role to the minimum required for it to fulfill its function. Alternatively, guest access can be disabled on the pool to prevent an external adversary from assuming the role.
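The condition described above can be audited offline, shown here as an added example that is not Datadog's detection logic: it flags identity pools where guest access is enabled and the unauthenticated role is administrative. `AllowUnauthenticatedIdentities` and the `unauthenticated` role key follow the Cognito API; the role dictionary shape, the function names and all sample data are constructed assumptions.

```python
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def statement_is_admin(stmt):
    """True for an Allow statement covering every action on every resource.
    Conditions are ignored on purpose, so the check errs towards flagging."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return any(a in ("*", "*:*") for a in actions) and "*" in resources

def role_is_admin(role):
    """role (assumed shape): {'AttachedPolicyArns': [...], 'PolicyDocuments': [...]}."""
    if ADMIN_POLICY_ARN in role.get("AttachedPolicyArns", []):
        return True
    return any(statement_is_admin(s)
               for doc in role.get("PolicyDocuments", [])
               for s in _as_list(doc.get("Statement", [])))

def find_admin_guest_pools(pools, pool_roles, roles):
    """IDs of pools with guest access enabled and an administrative guest role."""
    findings = []
    for pool in pools:
        if not pool.get("AllowUnauthenticatedIdentities"):
            continue  # guest access disabled: the role cannot be assumed anonymously
        arn = pool_roles.get(pool["IdentityPoolId"], {}).get("unauthenticated")
        if arn and role_is_admin(roles.get(arn, {})):
            findings.append(pool["IdentityPoolId"])
    return findings

# Constructed sample data (not real resources), keyed by constructed pool IDs.
R = "arn:aws:iam::111122223333:role/"
POOLS = [{"IdentityPoolId": p, "AllowUnauthenticatedIdentities": g}
         for p, g in [("pool-a", True), ("pool-b", True), ("pool-c", False), ("pool-d", True)]]
POOL_ROLES = {"pool-a": {"unauthenticated": R + "guest-admin"},
              "pool-b": {"unauthenticated": R + "guest-read"},
              "pool-c": {"unauthenticated": R + "guest-admin"},
              "pool-d": {"unauthenticated": R + "guest-inline"}}
ROLES = {R + "guest-admin": {"AttachedPolicyArns": [ADMIN_POLICY_ARN]},
         R + "guest-read": {"PolicyDocuments": [{"Statement": [
             {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::assets/*"}]}]},
         R + "guest-inline": {"PolicyDocuments": [{"Statement":
             {"Effect": "Allow", "Action": ["*"], "Resource": "*"}}]}}

if __name__ == "__main__":
    print(find_admin_guest_pools(POOLS, POOL_ROLES, ROLES))
```

Both remediations remove the finding: `pool-c` shares the administrative role but has guest access disabled, and `pool-b` keeps guest access with a role scoped to a single read action.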