ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and AWS 12.12.2024.
Change versions here.
Home
Mapping Frameworks
AWS Home
AWS Identity and Access Management
AWS
aws_identity_and_access_management
Mappings
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Description
Category
Value
ATT&CK ID
ATT&CK Name
aws_identity_and_access_management
AWS Identity and Access Management
protect
partial
T1021.007
Cloud Services
aws_identity_and_access_management
AWS Identity and Access Management
protect
partial
T1078
Valid Accounts
aws_identity_and_access_management
AWS Identity and Access Management
detect
partial
T1078
Valid Accounts
aws_identity_and_access_management
AWS Identity and Access Management
protect
partial
T1078.004
Cloud Accounts
aws_identity_and_access_management
AWS Identity and Access Management
detect
minimal
T1078.004
Cloud Accounts
aws_identity_and_access_management
AWS Identity and Access Management
detect
minimal
T1098
Account Manipulation
aws_identity_and_access_management
AWS Identity and Access Management
detect
minimal
T1098.001
Additional Cloud Credentials
aws_identity_and_access_management
AWS Identity and Access Management
detect
minimal
T1098.005
Device Registration
aws_identity_and_access_management
AWS Identity and Access Management
protect
significant
T1110
Brute Force
aws_identity_and_access_management
AWS Identity and Access Management
protect
significant
T1110.001
Password Guessing
aws_identity_and_access_management
AWS Identity and Access Management
protect
significant
T1110.003
Password Spraying
aws_identity_and_access_management
AWS Identity and Access Management
protect
significant
T1110.004
Credential Stuffing
aws_identity_and_access_management
AWS Identity and Access Management
protect
minimal
T1528
Steal Application Access Token
aws_identity_and_access_management
AWS Identity and Access Management
protect
partial
T1548.005
Temporary Elevated Cloud Access
aws_identity_and_access_management
AWS Identity and Access Management
protect
minimal
T1550
Use Alternate Authentication Material
aws_identity_and_access_management
AWS Identity and Access Management
protect
minimal
T1550.001
Application Access Token
aws_identity_and_access_management
AWS Identity and Access Management
protect
significant
T1621
Multi-Factor Authentication Request Generation
aws_identity_and_access_management
AWS Identity and Access Management
protect
partial
T1648
Serverless Execution