ECScape: Understanding IAM Privilege Boundaries in Amazon ECS


In this post, I’ll walk you through how I discovered this cross‑container IAM credential exposure in Amazon ECS (Elastic Container Service), demonstrate the technique (dubbed “ECScape”), and share lessons learned for securing your own environments. Over this channel, the ECS control plane continuously pushes structured messages: heartbeats (keep-alives with sequence numbers), task lifecycle directives (start/stop/update commands), telemetry data, and – most importantly – IamRoleCredentials payloads. By impersonating the agent’s upstream connection, ECScape completely collapses that trust model: one compromised container can passively collect every other task’s IAM role credentials on the same EC2 instance and immediately act with those privileges.
