Severity: Critical
AWS IAM privilege escalation: iam:PassRole + ec2:ReplaceIamInstanceProfileAssociation

EC2 Instance Profile Swap Privilege Escalation

With iam:PassRole and ec2:ReplaceIamInstanceProfileAssociation, an attacker swaps a privileged instance profile onto an EC2 instance they can run code on, then reads the role credentials from the instance metadata service.

Permissions an attacker needs

  • iam:PassRole (unscoped, or scoped to a role more privileged than the attacker's own)
  • ec2:ReplaceIamInstanceProfileAssociation (for an instance that already has a profile; ec2:AssociateIamInstanceProfile covers the same move on an instance that has none)

In practice the attacker also needs the target association ID, which ec2:DescribeIamInstanceProfileAssociations returns, and a way to run code on the instance so they can read the credentials afterwards.

How the escalation works

  • The attacker already controls, or can run commands on, an EC2 instance in the account.
  • They call ReplaceIamInstanceProfileAssociation (or AssociateIamInstanceProfile if the instance has no profile yet) to attach an instance profile wrapping a privileged role that their iam:PassRole grant lets them pass.
  • Shortly afterwards the instance metadata service on that instance starts serving credentials for the new role; the attacker reads them from the security-credentials path and acts with the role's permissions, without launching any new instance.

Example vulnerable policy

A policy like this grants the dangerous combination: an unscoped iam:PassRole alongside the EC2 actions that attach a profile to an instance. Paste your own policy into the free AI-Powered IAM analyzer to see if you are exposed.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iam:PassRole", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:AssociateIamInstanceProfile"],
      "Resource": "*"
    }
  ]
}

Example exploitation

For illustration only — run against accounts you own or are authorized to test.

# 1. Find the association to replace (needs ec2:DescribeIamInstanceProfileAssociations; i-0abc123 is a placeholder)
aws ec2 describe-iam-instance-profile-associations \
  --filters Name=instance-id,Values=i-0abc123
# 2. Swap the instance's profile for the privileged one
aws ec2 replace-iam-instance-profile-association \
  --iam-instance-profile Name=privileged-profile \
  --association-id iip-assoc-0abc123
# 3. Then on the instance, read the new role's credentials (IMDSv2 token shown, since requiring it does not stop this step):
# TOKEN=$(curl -s -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
# curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/

How to detect and prevent it

  • Scope iam:PassRole to the specific, least-privileged role ARNs the principal must pass rather than "*". An iam:PassedToService condition for ec2.amazonaws.com is worth adding so the role cannot be passed to other services, but by itself it does not block this path, because EC2 is exactly the service the role is being passed to here.
  • Restrict ec2:ReplaceIamInstanceProfileAssociation and ec2:AssociateIamInstanceProfile to administrators, and alert on those two CloudTrail event names when they come from any other principal.
  • Require IMDSv2 and limit which instance profiles can be associated with which instances (resource-level instance ARNs and resource-tag conditions on the ec2 actions). Note that IMDSv2 stops credential theft through SSRF or an open proxy on the instance; it does not stop an attacker who can already run commands there.
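The check below is an added example, not Shieldly's analyzer and not code from this page. It looks for the PassRole plus profile-attach combination across a policy's statements and reports whether the PassRole grant is pinned to named role ARNs; the hardened policy it carries is one possible corrected form, with a placeholder account ID, role name and tag that are assumptions for this example.

```python
"""Check an IAM policy document for the PassRole + instance-profile-swap path.

Added example, not Shieldly's analyzer. NotAction, NotResource and Deny
statements are deliberately not evaluated, so treat a clean result as a
first pass rather than proof.
"""
import fnmatch
import json

PASS_ROLE = "iam:PassRole"
ATTACH_ACTIONS = (
    "ec2:ReplaceIamInstanceProfileAssociation",
    "ec2:AssociateIamInstanceProfile",
)

# Mirrors the vulnerable policy shown on this page.
VULNERABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": [PASS_ROLE, *ATTACH_ACTIONS], "Resource": "*"}
    ],
}

# One hardened form. Account ID, role name, region and tag are placeholders
# chosen for this example; substitute the roles your instances actually need.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": PASS_ROLE,
            "Resource": "arn:aws:iam::123456789012:role/app-instance-role",
            "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
        },
        {
            "Effect": "Allow",
            "Action": list(ATTACH_ACTIONS),
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
            "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "dev"}},
        },
    ],
}


def _as_list(value):
    """IAM allows a scalar or a list in Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_allows(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (case-insensitive, * wildcards)."""
    if stmt.get("Effect") != "Allow":
        return False
    return any(
        fnmatch.fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(stmt.get("Action"))
    )


def find_profile_swap_path(policy):
    """Return details of the escalation path, or None if the policy lacks one."""
    statements = _as_list(policy.get("Statement"))
    pass_stmts = [s for s in statements if _statement_allows(s, PASS_ROLE)]
    attach = sorted({a for s in statements for a in ATTACH_ACTIONS if _statement_allows(s, a)})
    if not pass_stmts or not attach:
        return None
    resources = sorted({r for s in pass_stmts for r in _as_list(s.get("Resource"))})
    return {
        "attach_actions": attach,
        "passrole_resources": resources,
        # Any '*' in a PassRole resource means the grant is not pinned to named roles.
        "passrole_unscoped": any("*" in r for r in resources),
        "passrole_has_passed_to_service": any(
            "iam:PassedToService" in keys
            for s in pass_stmts
            for keys in (s.get("Condition") or {}).values()
        ),
    }


def is_vulnerable(policy):
    """Critical only when the path exists and PassRole can reach arbitrary roles."""
    path = find_profile_swap_path(policy)
    return bool(path and path["passrole_unscoped"])


if __name__ == "__main__":
    for label, doc in (("vulnerable", VULNERABLE_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, is_vulnerable(doc), json.dumps(find_profile_swap_path(doc)))
```

The hardened policy still contains the path, and the function still reports it; what changes is that iam:PassRole can only reach one named role, so the swap can no longer attach anything more privileged than that role. That is the distinction the check draws between a finding and a critical one.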

FAQ

How is this different from PassRole + RunInstances?

RunInstances launches a new instance with a chosen role, which leaves a new instance and a RunInstances event behind. This method swaps a privileged profile onto an existing instance the attacker already controls, so nothing new is launched and the API-level trace is a single ReplaceIamInstanceProfileAssociation call in CloudTrail, which can be quieter.
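Quieter is not silent: both EC2 calls this technique relies on are recorded by CloudTrail. The scanner below is an added example, not code from this page, and flags swaps made by a principal outside an admin allowlist, swaps to a profile outside an expected set, and denied attempts. The trail records are constructed for this example, the allowlists are placeholders, and the exact nesting of requestParameters is an assumption to verify against a real trail before relying on the field extraction.

```python
"""Flag instance-profile swaps in CloudTrail.

Added example, not code from this page. Sample records are constructed; the
requestParameters/responseElements nesting is assumed and the recursive key
search below is there precisely so a different nesting still resolves.
"""
import json

SWAP_EVENTS = {"ReplaceIamInstanceProfileAssociation", "AssociateIamInstanceProfile"}

# Placeholder allowlists: who may attach profiles, and which profiles are expected.
ADMIN_PRINCIPALS = {"arn:aws:iam::123456789012:role/InfraAdmin"}
EXPECTED_PROFILES = {"app-profile"}

# Constructed sample trail, one JSON object per line (not real data).
SAMPLE_TRAIL = "\n".join(json.dumps(r) for r in [
    {"eventSource": "ec2.amazonaws.com", "eventName": "ReplaceIamInstanceProfileAssociation",
     "eventTime": "2024-05-01T10:00:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"},
     "requestParameters": {"ReplaceIamInstanceProfileAssociationRequest": {
         "IamInstanceProfile": {"Name": "privileged-profile"}, "AssociationId": "iip-assoc-0abc123"}},
     "responseElements": {"iamInstanceProfileAssociation": {"instanceId": "i-0abc123"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AssociateIamInstanceProfile",
     "eventTime": "2024-05-01T10:05:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/InfraAdmin"},
     "requestParameters": {"AssociateIamInstanceProfileRequest": {
         "IamInstanceProfile": {"Name": "app-profile"}, "InstanceId": "i-0def456"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "ReplaceIamInstanceProfileAssociation",
     "eventTime": "2024-05-01T10:07:00Z", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"},
     "requestParameters": {"ReplaceIamInstanceProfileAssociationRequest": {
         "IamInstanceProfile": {"Name": "app-profile"}, "AssociationId": "iip-assoc-0def456"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "eventTime": "2024-05-01T10:09:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-ci"}},
])


def load_records(text):
    """Accept a CloudTrail log file ({"Records": [...]}) or one JSON object per line."""
    text = text.strip()
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if isinstance(doc, dict) and "Records" in doc:
        return doc["Records"]
    return doc if isinstance(doc, list) else [doc]


def _find_key(obj, key):
    """Depth-first search for the first value stored under `key`, at any nesting."""
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        obj = obj.values()
    if isinstance(obj, (list, type({}.values()))):
        for value in obj:
            found = _find_key(value, key)
            if found is not None:
                return found
    return None


def profile_swap_findings(records):
    """Return one finding per suspicious swap; an empty list means nothing to raise."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") not in SWAP_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        profile = _find_key(params, "IamInstanceProfile") or {}
        profile_name = profile.get("Name") or profile.get("Arn") or "unknown"
        actor = (rec.get("userIdentity") or {}).get("arn", "unknown")
        reasons = []
        if actor not in ADMIN_PRINCIPALS:
            reasons.append("caller is not an approved administrator")
        if profile_name not in EXPECTED_PROFILES:
            reasons.append("profile is outside the expected set")
        if rec.get("errorCode"):
            reasons.append(f"call was denied ({rec['errorCode']})")  # a denied probe is still worth seeing
        if reasons:
            findings.append({
                "time": rec.get("eventTime"), "event": rec["eventName"], "actor": actor,
                "profile": profile_name, "association_id": _find_key(params, "AssociationId"),
                "instance_id": _find_key(params, "InstanceId")
                or _find_key(rec.get("responseElements") or {}, "instanceId"),
                "denied": bool(rec.get("errorCode")), "reasons": reasons,
            })
    return findings


def scan(text):
    return profile_swap_findings(load_records(text))


if __name__ == "__main__":
    for finding in scan(SAMPLE_TRAIL):
        print(json.dumps(finding))
```

Against the sample trail the admin's attach of the expected profile is left alone, while the non-admin swap to privileged-profile and the later denied attempt both produce findings; the denied one matters because it shows a principal testing for this exact path before they find an instance where it works.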


Check your IAM policies for this — free

Shieldly's AI-Powered analyzer flags privilege-escalation paths, wildcards, and risky PassRole in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.

Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.