Severity: Critical
AWS IAM privilege escalation: iam:PassRole + lambda:CreateFunction + lambda:CreateEventSourceMapping

Lambda Event Source Mapping Privilege Escalation

An attacker creates a Lambda function with a privileged execution role and triggers it through an event source mapping (for example a DynamoDB or Kinesis stream), escalating without needing lambda:InvokeFunction.

Permissions an attacker needs

  • iam:PassRole
  • lambda:CreateFunction
  • lambda:CreateEventSourceMapping

How the escalation works

  • The attacker creates a function whose execution role is a privileged role they may pass, with code that uses the role.
  • They attach an event source mapping from a stream they can write to.
  • Writing a record to the stream invokes the function, which runs with the privileged role.

Example vulnerable policy

A policy like this grants the dangerous permission. Paste your own policy into the free AI-Powered IAM analyzer to see if you are exposed.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iam:PassRole", "lambda:CreateFunction", "lambda:CreateEventSourceMapping"],
      "Resource": "*"
    }
  ]
}

Example exploitation

For illustration only — run against accounts you own or are authorized to test.

aws lambda create-function --function-name esc \
  --runtime nodejs20.x --role arn:aws:iam::ACCOUNT:role/privileged \
  --handler index.handler --zip-file fileb://fn.zip
aws lambda create-event-source-mapping --function-name esc \
  --event-source-arn arn:aws:dynamodb:REGION:ACCOUNT:table/T/stream/... --starting-position LATEST

How to detect and prevent it

  • Scope iam:PassRole with an iam:PassedToService condition limited to lambda.amazonaws.com, and restrict the Resource element to an allowlist of specific, least-privilege roles rather than "*".
  • Restrict lambda:CreateFunction and lambda:CreateEventSourceMapping to trusted automation.
  • Apply a permissions boundary to Lambda execution roles.
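An added example, not part of the page or Shieldly's analyzer: a small Python checker that applies the first control above to a policy document. It reports whether all three permissions are granted and whether the iam:PassRole grant is unscoped (Resource "*" or no iam:PassedToService condition), using the page's vulnerable policy and a hardened variant as constructed input; the role ARN in the hardened policy is a hypothetical placeholder.

```python
import fnmatch
import json

# Constructed sample policies: the page's vulnerable policy and a hardened version
# that scopes iam:PassRole (the role ARN is a hypothetical placeholder).
VULNERABLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["iam:PassRole", "lambda:CreateFunction", "lambda:CreateEventSourceMapping"],
    "Resource": "*"}]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/lambda-app-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}},
    {"Effect": "Allow",
     "Action": ["lambda:CreateFunction", "lambda:CreateEventSourceMapping"],
     "Resource": "*"}]}

ESCALATION_SET = {"iam:PassRole", "lambda:CreateFunction", "lambda:CreateEventSourceMapping"}

def _as_list(value):
    # IAM allows Action/Resource as a single string or a list; normalize to a list.
    return value if isinstance(value, list) else [value]

def _allows(pattern, action):
    # IAM action patterns are case-insensitive and may contain * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def passrole_is_scoped(stmt):
    """True when PassRole names specific roles (no bare "*" resource) AND carries an
    iam:PassedToService condition. Deny statements and NotAction are not modeled."""
    resources = _as_list(stmt.get("Resource", "*"))
    cond = json.dumps(stmt.get("Condition", {})).lower()
    return "*" not in resources and "iam:passedtoservice" in cond

def find_escalation_path(policy):
    """Report which of the three permissions Allow statements grant and whether any
    PassRole grant is unscoped; the path is open only when both conditions hold."""
    granted, unscoped_passrole = set(), False
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action", []))
        for perm in ESCALATION_SET:
            if any(_allows(p, perm) for p in patterns):
                granted.add(perm)
                if perm == "iam:PassRole" and not passrole_is_scoped(stmt):
                    unscoped_passrole = True
    return {"granted": granted, "unscoped_passrole": unscoped_passrole,
            "escalation_path": granted == ESCALATION_SET and unscoped_passrole}
```

Even when the checker reports the path closed, the allowlisted role itself still needs review: a scoped PassRole to an over-privileged role leaves the escalation possible.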

FAQ

Why use an event source mapping instead of just invoking?

It avoids needing lambda:InvokeFunction. Any write to the mapped stream triggers the function, so the attacker escalates with only create permissions and stream-write access.

Check your IAM policies for this — free

Shieldly's AI-Powered analyzer flags privilege-escalation paths, wildcards, and risky PassRole in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.

Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.