EC2 instance uses a privileged IAM role

ec2

Description

An EC2 instance has an overly permissive instance role attached.

If an attacker gains access to this EC2 instance, they inherit the role's credentials from the instance metadata service and can use them to pivot into, and potentially compromise, the associated AWS account.

Remediation

  1. Reduce the permissions attached to the instance role following the principle of least privilege. AWS IAM Access Advisor shows which services the role has actually used and when.
  2. Once you have identified the baseline permissions your instances use, use AWS IAM Access Analyzer to generate an IAM policy from past CloudTrail events.
  3. Redeploy the EC2 instance with the updated instance profile and least-privileged permissions.
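The following is an added example, not part of the original finding, showing the idea behind steps 1 and 2 offline: it flags unrestricted Allow statements in an instance-role policy, derives the actions the role actually used from a constructed sample of CloudTrail records, and builds a policy scoped to those actions. The policy, the events and the resource ARNs are all constructed samples, and mapping `eventSource` to the IAM service prefix is an assumption that holds for most, but not all, services.

```python
import fnmatch

# Constructed sample: an instance-role policy with an unrestricted statement.
INSTANCE_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::app-bucket/*"},
]}

# Constructed sample of CloudTrail records made by the role's sessions.
CLOUDTRAIL_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "sqs.amazonaws.com", "eventName": "ReceiveMessage"},
    {"eventSource": "sqs.amazonaws.com", "eventName": "DeleteMessage"},
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def risky_statements(policy):
    """Allow statements unrestricted in both action and resource (account-wide power)."""
    found = []
    for stmt in policy["Statement"]:
        broad_action = "NotAction" in stmt or "*" in _as_list(stmt.get("Action", []))
        broad_resource = "*" in _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") == "Allow" and broad_action and broad_resource:
            found.append(stmt)
    return found

def used_actions(events):
    """IAM actions observed in CloudTrail as 'service:EventName'. Assumption: the
    service prefix is the first label of eventSource; verify exceptions by hand."""
    return sorted({f"{e['eventSource'].split('.')[0]}:{e['eventName']}" for e in events})

def least_privilege_policy(events, resources):
    """Policy granting only observed actions, one statement per service, scoped to
    the ARNs the operator supplies for that service (constructed in the caller)."""
    by_service = {}
    for action in used_actions(events):
        by_service.setdefault(action.split(":")[0], []).append(action)
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": acts, "Resource": resources[svc]}
        for svc, acts in sorted(by_service.items())]}

def covers(policy, action):
    """True if an Allow statement matches the action (IAM-style * and ? wildcards)."""
    return any(s.get("Effect") == "Allow" and any(fnmatch.fnmatchcase(action, a)
               for a in _as_list(s.get("Action", []))) for s in policy["Statement"])
```

Before redeploying (step 3), run `covers()` over every observed action to confirm the tightened policy still permits the workload's real usage; an action that was never logged in the sampled window is still a gap to review by hand.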