AWS Security MCP

Apache 2.0

check_confused_deputy_vulnerabilities

Analyze IAM roles for confused deputy vulnerabilities by identifying roles assumable by external entities without safeguards like external IDs or source ARN restrictions.

Instructions

Identify IAM roles that might be vulnerable to confused deputy attacks.

Confused deputy vulnerabilities occur when a role can be assumed by external entities without proper safeguards such as external IDs or source ARN restrictions.

Args:
    all_roles: Set to True to check all roles in the account
    role_name: Specific IAM role to check (ignored if all_roles is True)
    limit: Maximum number of roles to check when all_roles is True
    include_aws_service_roles: Whether to include AWS service roles in the analysis

Returns:
    JSON string with vulnerability analysis results
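The check described above, as an added example that is not the AWS Security MCP implementation: it inspects role trust policy documents offline and reports external principals whose `sts:AssumeRole` statement carries no safeguard condition. The account IDs, the helper names, the `check_service_principals` flag, and the mapping of `sts:ExternalId` to AWS principals and `aws:SourceArn`/`aws:SourceAccount` to service principals are assumptions of this example.

```python
OWN_ACCOUNT = "111111111111"  # constructed ID of the account that owns the roles
# Assumed mapping: which condition keys count as a safeguard per principal type.
GUARDS = {"AWS": {"sts:externalid"},
          "Service": {"aws:sourcearn", "aws:sourceaccount"}}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _guard_keys(stmt):
    """Condition keys enforced by a positive String*/Arn* operator."""
    keys = set()
    for op, block in stmt.get("Condition", {}).items():
        # Negated and ...IfExists operators pass when the key is absent,
        # so they do not force the caller to supply a value.
        if (op.startswith(("String", "Arn")) and "Not" not in op
                and not op.endswith("IfExists")):
            keys.update(k.lower() for k in block)
    return keys

def _account_of(principal):
    """Account ID from an ARN or a bare account ID; '*' is returned as is."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def find_unguarded_principals(policy, own_account=OWN_ACCOUNT,
                              check_service_principals=False):
    """Return (principal, keys of which one is needed) for one trust policy."""
    findings = []
    for stmt in _listify(policy.get("Statement", [])):
        actions = {a.lower() for a in _listify(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        principal = {"AWS": "*"} if principal == "*" else principal
        present = _guard_keys(stmt)
        for kind, required in GUARDS.items():
            if kind == "Service" and not check_service_principals:
                continue
            for value in _listify(principal.get(kind, [])):
                if kind == "AWS" and _account_of(value) == own_account:
                    continue  # same-account principal is not external
                if not required & present:
                    findings.append((value, sorted(required)))
    return findings

def _policy(principal, condition=None):  # builds constructed sample policies
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    return {"Version": "2012-10-17", "Statement": [dict(stmt, Condition=condition) if condition else stmt]}

VENDOR = {"AWS": "arn:aws:iam::222222222222:root"}  # constructed external account
```

A `StringEqualsIfExists` condition on `sts:ExternalId` is still reported, because the statement matches when the caller sends no external ID at all.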

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| all_roles | No | | |
| include_aws_service_roles | No | | |
| limit | No | | |
| role_name | No | | |

Input Schema (JSON Schema)

{
  "properties": {
    "all_roles": {
      "default": true,
      "title": "All Roles",
      "type": "boolean"
    },
    "include_aws_service_roles": {
      "default": false,
      "title": "Include Aws Service Roles",
      "type": "boolean"
    },
    "limit": {
      "default": 100,
      "title": "Limit",
      "type": "integer"
    },
    "role_name": {
      "default": null,
      "title": "Role Name",
      "type": "string"
    }
  },
  "title": "check_confused_deputy_vulnerabilitiesArguments",
  "type": "object"
}


ID: s0vblk657g