- Home
- IAM
- Identity Governance and Administration
- Enumerate IAM Permissions
Enumerate IAM Permissions
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

Enumerate IAM Permissions
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
Enumerate IAM Permissions Description
Enumerate IAM Permissions is a security assessment tool designed to identify and map the permissions associated with AWS credentials through systematic API call enumeration. The tool operates by performing brute-force testing against AWS APIs to determine which actions are permitted by a given IAM policy. It focuses primarily on non-destructive operations, specifically targeting get* and list* API calls to avoid causing any modifications or damage to the AWS environment during testing. The enumeration process helps security professionals and administrators understand the actual scope of permissions granted to specific AWS credentials, which may differ from the intended or documented permissions. This capability is particularly useful for security audits, privilege escalation assessments, and identifying potential over-privileged accounts. The tool provides visibility into the effective permissions of IAM policies by testing real API calls rather than relying solely on policy document analysis. This approach can reveal permissions that might be granted through complex policy combinations, inheritance, or service-linked roles that may not be immediately apparent from static policy review.
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
TRENDING CATEGORIES
POPULAR
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.