- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect when the AdministratorAccess
policy is attached to an AWS IAM role.
This rule lets you monitor CloudTrail to detect if an attacker has attached the AWS managed policy AdministratorAccess
to an AWS IAM role via the AttachRolePolicy
API call.
{{@userIdentity.session_name}}
should have made a {{@evt.name}}
API call.AdministratorAccess
policy from the {{@requestParameters.roleName}}
role using the aws-cli
command detach-role-policy.{{@requestParameters.roleName}}
requires the AdministratorAccess policy to perform its intended function.