Why it matters in practice
Cloud Control-Plane Abuse matters because it shapes how an operator scopes the work, chooses validation steps, prioritizes evidence and explains risk. The point is not to accumulate trivia; it is to understand which control boundary is in play and how that boundary can fail under realistic pressure.
Primary coverage
- Map which identities can create, assume, attach, impersonate or modify other identities.
- Track management APIs separately from workload traffic. The control plane is usually the real prize.
- Look for privilege expansion by inheritance: instance profiles, managed identities, service accounts and automation roles.
- Pay attention to metadata access, token minting paths and temporary credential lifetimes.
Selected public references
Write findings in terms of trust crossed, scope enlarged and business or operational effect reached. That keeps the note useful whether you are validating a lab, an internal research target or a live customer environment.
Selected public references
- AWS STS AssumeRoleRole assumption semantics and temporary credentials.
- Azure Managed IdentitiesManaged identity trust and workload-side token acquisition.
- GCP Service Account ImpersonationService-account token creation and delegation.