Investigating IAM Incidents in AWS: Preparation

Question

For the question:&nbsp;The ‘MetrolioQA’ IAM role in your account grants write access to a ‘metrolio’ role from another account. What is the full name of the external principle? I can't seem to find insight onto the role. I am wondering about what is the location of the GUI I should be looking into more of.&nbsp;I have mostly been digging throughout the csv download for any possible insights as well as the IAM access analyzer but I cant seem to get any good leads. Done through the MetrolioIAMAnalyst AWS role account.&nbsp;Summary: I am wondering if there is any direction that can be provided in which I can look into more for finding external principles.

kevinh · Accepted Answer

Nevermind, I was looking at the wrong section.&nbsp;had to parse the access analyzer instead. NOTE: Leveraged Gemini to help me learn about AWS' GUI more effectively

Forum Discussion

Investigating IAM Incidents in AWS: Preparation - Question 7

1 Reply

Featured Places

Help

Related Content

Incident Response and Forensics for EC2: Preparation

Incident Response: Suspicious Email – Part 3

Incident Response: Suspicious Email – Part 2 -Help Needed.

Threat Hunting: Investigating a Fake PoC Q9

Recent Discussions

Investigating IAM Incidents in AWS: Preparation - Question 7

Mobile Malware: Anubis Malware (Offensive) - Question 8,9

Immersive Labs – APT29: Threat Hunting with Splunk

Modern Encryption Issue

Lab not getting complete even it is correct