IAM Role Risk Review Template

Overview

This template demonstrates a typical IAM role risk assessment conducted by Ghost SecOps. The assessment identifies excessive permissions, unused roles, and potential security risks in AWS IAM configurations.

Risk Scoring Methodology

  • Critical (9-10): Direct path to privilege escalation or data breach
  • High (7-8): Excessive permissions with potential for misuse
  • Medium (4-6): Elevated permissions with limited scope
  • Low (1-3): Minimal risk, follows least privilege

Sample IAM Role Assessment

Production Environment

Role Name           Before Risk Score   After Risk Score   Risk Reduction   Key Findings
prod-admin          9.5                 3.0                68%              Removed unnecessary S3 and KMS permissions
prod-deploy         8.0                 2.0                75%              Restricted to specific ECS clusters
prod-monitor        4.0                 1.0                75%              Limited to read-only CloudWatch access
prod-db-admin       7.5                 2.5                67%              Restricted to specific RDS instances
prod-lambda-exec    6.0                 1.5                75%              Limited to specific Lambda functions

Staging Environment

Role Name           Before Risk Score   After Risk Score   Risk Reduction   Key Findings
stage-admin         8.5                 4.0                53%              Removed production access
stage-deploy        7.0                 2.0                71%              Restricted to staging resources
stage-monitor       4.0                 1.0                75%              Limited to staging metrics
stage-db-admin      6.5                 2.0                69%              Restricted to staging databases
stage-lambda-exec   5.0                 1.5                70%              Limited to staging functions

Remediation Summary

Critical Findings

  1. Excessive Admin Permissions

    • Removed unnecessary administrative access
    • Implemented role-based access control
    • Added permission boundaries

  2. Cross-Environment Access

    • Eliminated production access from staging roles
    • Implemented environment isolation
    • Added resource tagging requirements

High Findings

  1. Unused Permissions

    • Removed unused service permissions
    • Implemented permission usage monitoring
    • Added automated permission cleanup

  2. Broad Resource Access

    • Restricted to specific resource ARNs
    • Implemented resource-level permissions
    • Added access logging

Risk Reduction Metrics

  • Overall Risk Score: Reduced by 65%
  • Critical Roles: Reduced by 68%
  • High Risk Roles: Reduced by 71%
  • Medium Risk Roles: Reduced by 75%
  • Low Risk Roles: Maintained at acceptable level
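The following is an added example, not part of the template or a Ghost SecOps tool: it computes the risk-reduction percentages used in the tables above and flags the two finding classes from the Remediation Summary (wildcard admin actions and unrestricted Resource "*") in an IAM policy document. The prod-deploy policies, account id and cluster name are constructed placeholders.

```python
def risk_reduction(before: float, after: float) -> int:
    """Percentage reduction between a before and after risk score,
    rounded to a whole percent as in the assessment tables."""
    return round((before - after) / before * 100)


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list.
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(policy: dict) -> list[str]:
    """Return findings for the Allow statements of an IAM policy document:
    'Excessive Admin Permissions' for Action "*" or "<service>:*", and
    'Broad Resource Access' for Resource "*" with no restricting Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action} "
                                "(Excessive Admin Permissions)")
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append(f"statement {i}: Resource '*' without Condition "
                            "(Broad Resource Access)")
    return findings


# Constructed sample: prod-deploy before remediation (unrestricted ECS access).
PROD_DEPLOY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ecs:*", "Resource": "*"}],
}

# Constructed sample: the same role restricted to one ECS cluster. The account
# id and cluster name are placeholders, not values from the assessment.
PROD_DEPLOY_AFTER = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ecs:UpdateService", "ecs:DescribeServices"],
        "Resource": "arn:aws:ecs:us-east-1:111122223333:service/prod-cluster/*",
    }],
}

if __name__ == "__main__":
    for label, policy in (("before", PROD_DEPLOY_BEFORE), ("after", PROD_DEPLOY_AFTER)):
        print(label, lint_policy(policy) or ["no findings"])
    print("prod-deploy risk reduction:", risk_reduction(8.0, 2.0), "%")
```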

Implementation Timeline

  1. Week 1: Initial assessment and role mapping
  2. Week 2: Permission analysis and risk scoring
  3. Week 3: Remediation planning and testing
  4. Week 4: Implementation and validation