AWS Detect Role Creation
This search provides detection of role creation by IAM users. Role creation is an event by itself if user is creating a new role with trust policies different than the available in AWS and it can be used for lateral movement and escalation of privileges.
This content is not mapped to any local saved search. Add mapping
AWS Detect Role Creation Help
You must install splunk AWS add-on and Splunk App for AWS. This search works with cloudwatch logs
Open in Search