AWS Detect Role Creation


This search provides detection of role creation by IAM users. Role creation is an event by itself if user is creating a new role with trust policies different than the available in AWS and it can be used for lateral movement and escalation of privileges.


AWS Detect Role Creation Help

You must install splunk AWS add-on and Splunk App for AWS. This search works with cloudwatch logs


Open in Search