
Cloud Security Assessment Reveals IAM Privilege Escalation Chain at a Tier-1 Beverage Operator

AWS multi-account assessment uncovers S3 data exposure and IAM chain leading to full admin access

Client: Global Beverage Conglomerate

  • 23 IAM privilege escalation paths to AdministratorAccess identified
  • 7 publicly accessible S3 buckets with PII secured
  • 410K consumer PII records exposed in misconfigured S3 buckets
  • 12 AWS accounts brought under unified security baseline

The Challenge

Multi-Account AWS Environment with No Centralized Security Visibility

A global beverage company with operations in 40+ countries had migrated critical workloads to AWS across 12 accounts — but each regional team had configured their own infrastructure independently. The global CISO suspected misconfigurations and excessive permissions but had no baseline assessment and no centralized cloud security posture management.

  • 12 AWS accounts across 4 regions with no standardised security baseline
  • Regional IT teams had created IAM roles with broad permissions for speed of deployment
  • S3 buckets containing distributor pricing, trade promotions, and consumer PII
  • No cloud-native security assessment ever performed — only traditional network scans

The Solution

Multi-Account AWS Security Assessment with IAM Deep Dive

Security Brigade performed a comprehensive cloud security assessment across all 12 AWS accounts, focusing on IAM privilege escalation paths, S3 bucket security, network exposure, and data protection controls. The assessment combined automated cloud security posture scanning with manual exploitation of identified misconfigurations to demonstrate real-world impact.

Services used

cloud-security, vapt, network-pt

Our approach

  1. IAM analysis: Mapped all 847 IAM roles and policies — found 23 roles with AssumeRole chains leading to AdministratorAccess
  2. S3 audit: Reviewed 340+ buckets — found 7 publicly accessible buckets containing distributor contracts and consumer survey data (410,000 records)
  3. Network exposure: Identified 14 EC2 instances with public IPs and security groups allowing unrestricted inbound SSH/RDP
  4. Privilege escalation: Demonstrated full chain from compromised developer credentials to Lambda execution role to cross-account AssumeRole to production admin
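
A sketch of the AssumeRole-chain mapping from step 1 as an audit check, added here as an illustration and not Security Brigade's tooling or the client's data: the account IDs, role names and flattened inventory shape are constructed. It assumes an edge exists only when the caller's identity policy and the target's trust policy both allow it, and it ignores conditions, explicit denies, SCPs and permission boundaries.

```python
from collections import deque
from fnmatch import fnmatchcase

ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed inventory (hypothetical accounts and roles), flattened from the
# kind of data iam:GetAccountAuthorizationDetails returns per account.
ROLES = {
    "arn:aws:iam::111111111111:role/dev-ci": {
        "trusts": [], "managed": [],
        "can_assume": ["arn:aws:iam::111111111111:role/shared-*"]},
    "arn:aws:iam::111111111111:role/shared-deploy": {
        "trusts": ["arn:aws:iam::111111111111:root"], "managed": [],
        "can_assume": ["arn:aws:iam::222222222222:role/*"]},
    "arn:aws:iam::222222222222:role/prod-ops": {
        "trusts": ["arn:aws:iam::111111111111:role/shared-deploy"],
        "managed": [ADMIN], "can_assume": []},
    "arn:aws:iam::222222222222:role/prod-readonly": {
        "trusts": ["arn:aws:iam::333333333333:root"], "managed": [],
        "can_assume": []},
}

def account_root(arn):
    """Return the account-root principal ARN for the account owning `arn`."""
    return f"arn:aws:iam::{arn.split(':')[4]}:root"

def can_assume(src, dst, roles):
    """Edge src -> dst: src's identity policy allows sts:AssumeRole on dst
    AND dst's trust policy names src or src's account root."""
    allowed = any(fnmatchcase(dst, pat) for pat in roles[src]["can_assume"])
    trusted = any(p in (src, account_root(src)) for p in roles[dst]["trusts"])
    return allowed and trusted

def admin_chains(start, roles):
    """Breadth-first search for AssumeRole chains from `start` to any role
    with AdministratorAccess attached; returns each chain as a list of ARNs."""
    found, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        if ADMIN in roles[path[-1]]["managed"]:
            found.append(path)
            continue
        for nxt in roles:
            if nxt not in path and can_assume(path[-1], nxt, roles):
                queue.append(path + [nxt])
    return found
```

Each returned chain shows which trust policy or wildcard `sts:AssumeRole` resource to tighten; here, scoping `role/*` on the intermediate role breaks the path.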

The Results

Full AWS Admin Access Chain Eliminated — 7 Public S3 Buckets Secured

The engagement identified and remediated a privilege escalation chain that allowed any developer to reach production admin access across all accounts, and secured 7 publicly exposed S3 buckets containing 410,000 consumer PII records before any data breach occurred. The client subsequently implemented AWS Organizations with SCPs based on Security Brigade recommendations.

