Saved February 14, 2026
This article details the evolution of AWS privilege escalation, highlighting the shift from IAM policy abuse to service-based code execution and, most recently, AI orchestration. It covers the escalation techniques of each stage, including those introduced by the new AI services Bedrock and AgentCore, and outlines which of the relevant actions can actually be blocked by security policies.
AWS privilege escalation has evolved significantly, moving from traditional IAM policy abuse to service-based code execution and AI-driven orchestration. Initially, the focus was on IAM misconfigurations, where attackers exploited permissions that let them modify their own access rights; this included actions such as iam:AttachUserPolicy and iam:CreateAccessKey. As AWS expanded its services, attackers began leveraging their code execution capabilities, which opened new escalation vectors. Key actions at this stage include updating Lambda function code and manipulating EventBridge rules and targets, showing how attackers can abuse existing services or create new ones, typically by combining the action with iam:PassRole.
The latest escalation risks stem from AI-powered services, particularly Bedrock and AgentCore. These platforms orchestrate and execute code across multiple services automatically, creating entirely new attack paths. Actions specific to these services, such as bedrock-agentcore-control:CreateCodeInterpreter, are now essential to understanding the modern escalation landscape.
Blocking these actions isn't as straightforward as it seems. Identity policies usually determine what a principal can do, but not every AWS action supports granular control. For example, while resource policies can restrict access to S3 or Lambda, they are ineffective for actions like iam:CreatePolicyVersion, which have no resource-level permissions. Service Control Policies (SCPs) offer some defense, but only for actions that support clear resource ARNs, and many IAM actions expose no resource ARN at all, complicating any attempt to enforce control at a granular level. This inconsistency in policy enforcement means that some high-risk actions remain difficult to block, leaving organizations exposed to escalation.
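Because a single policy document can grant these actions through wildcards (`iam:Create*`, `lambda:*`) while a separate Deny statement may or may not cover them, a defender's first check is to expand each statement against a watchlist of escalation-relevant actions. The following is an added example, not code from the article: it walks one IAM policy document, matches Allow and Deny statements against the actions the article names using IAM's case-insensitive `*`/`?` wildcard semantics, and reports which escalation actions are granted without an explicit Deny. The watchlist, sample policy and category labels are constructed for illustration; `NotAction` and condition keys are not evaluated (an assumption of this example).

```python
import fnmatch

# Constructed watchlist: escalation-relevant actions named in the article,
# labelled with the stage of the escalation evolution they belong to.
ESCALATION_ACTIONS = {
    "iam:AttachUserPolicy": "IAM policy abuse",
    "iam:CreateAccessKey": "IAM policy abuse",
    "iam:CreatePolicyVersion": "IAM policy abuse",
    "iam:PassRole": "service-based execution",
    "lambda:UpdateFunctionCode": "service-based execution",
    "events:PutTargets": "service-based execution",
    "bedrock-agentcore-control:CreateCodeInterpreter": "AI orchestration",
}

# Constructed sample policy: a broad developer grant plus one targeted Deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevAccess", "Effect": "Allow",
         "Action": ["lambda:*", "iam:Create*", "events:PutTargets"], "Resource": "*"},
        {"Sid": "BlockKeys", "Effect": "Deny",
         "Action": "iam:CreateAccessKey", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def find_escalation_grants(policy):
    """Map each watchlisted action covered by an Allow statement to the
    statements that allow it and any Deny statements that also cover it."""
    findings = {}
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        patterns = _as_list(stmt.get("Action", []))  # NotAction is not handled here
        key = "allowed_by" if stmt.get("Effect") == "Allow" else "denied_by"
        for action, category in ESCALATION_ACTIONS.items():
            if any(_matches(p, action) for p in patterns):
                entry = findings.setdefault(
                    action, {"category": category, "allowed_by": [], "denied_by": []})
                entry[key].append(stmt.get("Sid", f"statement[{idx}]"))
    return {a: f for a, f in findings.items() if f["allowed_by"]}

def unblocked_escalation_actions(policy):
    """Escalation actions granted by the policy with no explicit Deny covering them."""
    grants = find_escalation_grants(policy)
    return sorted(a for a, f in grants.items() if not f["denied_by"])
```

On the sample policy, `iam:CreateAccessKey` is granted by `iam:Create*` but neutralised by the Deny, while `iam:CreatePolicyVersion`, `lambda:UpdateFunctionCode` and `events:PutTargets` remain unblocked. The check covers one document in isolation; effective permissions also depend on SCPs, permission boundaries and resource policies, which this example does not combine.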