Severity: Critical

iam:PassRole + ECS Privilege Escalation

With iam:PassRole and the ECS task APIs, an attacker registers a task definition whose task role is a privileged role, runs it, and the container receives temporary credentials for that role through the container metadata endpoint.

Permissions an attacker needs

  • iam:PassRole
  • ecs:RegisterTaskDefinition
  • ecs:RunTask

How the escalation works

  • The attacker registers a task definition that sets taskRoleArn to a privileged role they are allowed to pass.
  • They run the task on a cluster they can reach.
  • The container reads the role credentials from the ECS task metadata endpoint and acts with the role permissions.

Example vulnerable policy

A policy like this grants the dangerous permission. Paste your own policy into the free AI-Powered IAM analyzer to see if you are exposed.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iam:PassRole", "ecs:RegisterTaskDefinition", "ecs:RunTask"],
      "Resource": "*"
    }
  ]
}

Example exploitation

For illustration only — run against accounts you own or are authorized to test.

aws ecs register-task-definition \
  --family esc --task-role-arn arn:aws:iam::ACCOUNT:role/privileged \
  --container-definitions '[{"name":"x","image":"amazonlinux","command":["/bin/sh","-c","curl 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]}]'
aws ecs run-task --task-definition esc --cluster default

How to detect and prevent it

  • Scope iam:PassRole to specific roles and add an iam:PassedToService condition for ecs-tasks.amazonaws.com.
  • Restrict ecs:RegisterTaskDefinition and ecs:RunTask so task roles cannot be chosen freely.
  • Apply a permissions boundary to roles that ECS tasks can assume.
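As an added example (not the page's own code and not Shieldly's analyzer), the following Python check applies the first two rules above to a policy document: it flags an iam:PassRole grant that is unscoped or lacks an iam:PassedToService condition, and notes when ecs:RegisterTaskDefinition and ecs:RunTask are also granted. The hardened sample policy, its role ARN and account id are constructed for this example; permissions boundaries are not checked.

```python
import json
from fnmatch import fnmatchcase

# Constructed samples: the page's vulnerable policy, and a hardened variant written for this
# example (the role ARN, account id and condition value are assumptions, not from the page).
VULNERABLE = json.loads('''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["iam:PassRole", "ecs:RegisterTaskDefinition", "ecs:RunTask"], "Resource": "*"}]}''')
HARDENED = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:PassRole",
   "Resource": "arn:aws:iam::123456789012:role/app-task-role",
   "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
  {"Effect": "Allow", "Action": ["ecs:RegisterTaskDefinition", "ecs:RunTask"], "Resource": "*"}]}''')

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(statement, action):
    """True if an Allow statement grants `action` (IAM action names are case-insensitive, * is a wildcard)."""
    if statement.get("Effect") != "Allow":
        return False
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(statement.get("Action", [])))

def _passed_to_services(statement):
    """Collect every iam:PassedToService value from the Condition block, whatever the operator."""
    found = []
    for operator_values in statement.get("Condition", {}).values():
        for key, values in operator_values.items():
            if key.lower() == "iam:passedtoservice":
                found.extend(_as_list(values))
    return found

def ecs_passrole_findings(policy):
    """Return findings describing the iam:PassRole + ECS task-role escalation path in `policy`."""
    statements = _as_list(policy["Statement"])
    findings = []
    for st in statements:
        if not _allows(st, "iam:PassRole"):
            continue
        if any(r == "*" or r.endswith("role/*") for r in _as_list(st.get("Resource", []))):
            findings.append("iam:PassRole is not scoped to specific role ARNs")
        if not _passed_to_services(st):
            findings.append("iam:PassRole lacks an iam:PassedToService condition")
    has_ecs = all(any(_allows(st, a) for st in statements)
                  for a in ("ecs:RegisterTaskDefinition", "ecs:RunTask"))
    if findings and has_ecs:
        findings.append("ecs:RegisterTaskDefinition + ecs:RunTask are also granted: ECS task-role escalation path")
    return findings

if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, ecs_passrole_findings(policy) or ["no findings"])
```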

FAQ

Why does the container get the role credentials automatically?

ECS exposes task-role credentials at a metadata endpoint inside the container. Any process in the task can read them, so the task role is effectively the attacker once the task runs.

Check your IAM policies for this — free

Shieldly's AI-Powered analyzer flags privilege-escalation paths, wildcards, and risky PassRole in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.

Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.