Setting Up an IAM Privilege Escalation Lab
Imagine yourself setting up a shared cloud environment for a machine learning (ML) workshop for 100 participants. After preparing the cloud resources needed for the workshop session, you then proceed with the creation of Identity and Access Management (IAM) user accounts for accessing the resources running inside the cloud account. During the workshop session, you find out that all resources inside your cloud account have been deleted! It seems that the shared cloud account used by the workshop participants has been completely compromised. Upon investigation, you find out that one of the workshop participants was able to successfully escalate privileges by exploiting an IAM misconfiguration to gain unauthorized access and delete all resources inside the account.
In this chapter, we will set up an IAM privilege escalation lab that mimics the ML workshop environment we just talked about! Inside this realistic workshop environment, lab participants...