Severity: High

ssm:SendCommand Privilege Escalation

ssm:SendCommand runs arbitrary commands on a managed EC2 instance. If the target instance has a more-privileged instance-profile role, the attacker runs commands on it and uses the role credentials from the metadata service.

Permissions an attacker needs

  • ssm:SendCommand

How the escalation works

  • The attacker lists managed instances and finds one whose instance profile carries broad permissions.
  • They send a command to that instance via SSM Run Command, executing as root or the SSM agent user.
  • Their command reads the instance role credentials from the metadata service and uses them off-box.

Example vulnerable policy

A policy like this grants the dangerous permission. Paste your own policy into the free AI-Powered IAM analyzer to see if you are exposed.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": "*"
    }
  ]
}

Example exploitation

For illustration only — run against accounts you own or are authorized to test.

aws ssm send-command \
  --document-name AWS-RunShellScript \
  --instance-ids i-0privileged \
  --parameters 'commands=["curl http://169.254.169.254/latest/meta-data/iam/security-credentials/"]'

How to detect and prevent it

  • Scope ssm:SendCommand to specific instances using resource ARNs or the ssm:resourceTag condition.
  • Keep instance-profile roles least-privileged so a compromised instance yields little.
  • Require IMDSv2 and monitor SendCommand in CloudTrail for unexpected targets.
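As an added example (not code from the Shieldly page or its analyzer), the script below puts the first and third mitigations into working form: it flags a policy that allows ssm:SendCommand on every resource with no condition, shows the scoped alternative (document ARN plus an instance ARN gated by an ssm:resourceTag condition), and scans CloudTrail SendCommand records for target instances outside an expected set. The account id, region, tag key and value, the sample CloudTrail records and their field layout, and the function names are assumptions made for the illustration.

```python
"""Added example: unscoped-SendCommand policy check, scoped replacement policy,
and a CloudTrail scan for SendCommand calls hitting unexpected instances.
Not part of the original page; values below are constructed for illustration."""
import fnmatch

# Policy text from the page: SendCommand on every instance, no condition.
VULNERABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "*"}
    ],
}

# Scoped alternative (assumed account id, region and tag): the shell-script
# document is allowed, but only instances carrying the expected tag may be hit.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "arn:aws:ssm:us-east-1::document/AWS-RunShellScript",
        },
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
            "Condition": {
                "StringEquals": {"ssm:resourceTag/SsmTarget": "batch-worker"}
            },
        },
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def _grants_send_command(action):
    """True if an Action pattern (e.g. 'ssm:*' or '*') covers ssm:SendCommand."""
    return fnmatch.fnmatchcase("ssm:sendcommand", action.lower())


def unscoped_send_command_statements(policy):
    """Return Allow statements granting ssm:SendCommand on Resource '*'
    with no Condition that narrows which instances may be targeted."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if not any(_grants_send_command(a) for a in _as_list(stmt["Action"])):
            continue
        if "*" in _as_list(stmt.get("Resource", [])) and not stmt.get("Condition"):
            findings.append(stmt)
    return findings


# Constructed CloudTrail records. Field layout is assumed: requestParameters
# carries instanceIds, or targets with Key "InstanceIds", mirroring the API.
SAMPLE_EVENTS = [
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/deploy-bot"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0aaa111bbb222ccc3"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/intern"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0privileged"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/intern"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "targets": [{"Key": "InstanceIds",
                                        "Values": ["i-0privileged",
                                                   "i-0aaa111bbb222ccc3"]}]}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/intern"},
     "requestParameters": {}},
]


def target_instances(event):
    """Collect every instance id a SendCommand record addresses."""
    params = event.get("requestParameters") or {}
    ids = list(params.get("instanceIds") or [])
    for target in params.get("targets") or []:
        if target.get("Key") == "InstanceIds":
            ids.extend(target.get("Values", []))
    return ids


def unexpected_send_commands(events, expected_targets):
    """Return (caller ARN, instance id) pairs for SendCommand calls whose
    target lies outside the set of instances that caller population should touch."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") != "SendCommand":
            continue
        caller = ev.get("userIdentity", {}).get("arn", "unknown")
        for iid in target_instances(ev):
            if iid not in expected_targets:
                hits.append((caller, iid))
    return hits


if __name__ == "__main__":
    print("unscoped statements:", unscoped_send_command_statements(VULNERABLE_POLICY))
    print("unexpected targets:", unexpected_send_commands(SAMPLE_EVENTS, {"i-0aaa111bbb222ccc3"}))
```

The policy check treats `ssm:*` and `*` actions the same way as a literal `ssm:SendCommand`, since either grants the call. In a real pipeline the expected-target set would come from inventory (the instances a given role is meant to manage) and the events from a CloudTrail lookup or log bucket rather than the inline list.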

FAQ

Does this need iam:PassRole?

No. The instance already holds its role via the instance profile. SendCommand simply runs code on the box, which can then read and exfiltrate those existing credentials.

Check your IAM policies for this — free

Shieldly's AI-Powered analyzer flags privilege-escalation paths, wildcards, and risky PassRole in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.

Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.