Every scanner checks what exists. Nobody checks what's missing
Cloud security scanners typically check existing resources for misconfigurations but fail to detect orphaned references left behind after resource deletion. These dangling references in IAM policies, event rules, and configurations can lead to security gaps, especially when deleted resource names are reclaimed by attackers. The risk spans data exposure, privilege inheritance, and undetected system failures.
- When a cloud resource is deleted, the references to it usually survive in IAM policies, event triggers, compute configurations, and trust relationships; nothing removes them automatically.
- S3 bucket names are global, so an orphaned reference to a deleted bucket lets an attacker create a bucket with that name in their own account and receive writes that were intended for the original owner.
- The article argues that IAM trust policies protect against deleted role ARNs, while resource-based policies on S3, KMS, and SNS do not.
- A CloudWatch alarm whose action targets a deleted SNS topic still changes state, but the notification never arrives, so the failure goes unnoticed.
- A reclaimed resource name that is still granted access in a permission policy can lead to unintended data disclosure and compliance violations.
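The checks in the points above come down to one comparison: the set of things policies and alarms reference versus the set of things that exist. The following is an added example, not code from the article or its author, that performs that comparison over constructed sample data. The inventory, policy documents and alarm definitions are hypothetical; in a real run they would be assembled from the AWS APIs (for example boto3's `s3.list_buckets`, `sns.list_topics`, `iam.list_roles`/`iam.get_role_policy` and `cloudwatch.describe_alarms`). The scan also flags a principal that IAM has already rewritten to a bare unique ID (`AROA…`/`AIDA…`), which is what a saved policy looks like after the role or user it named was deleted.

```python
"""Dangling-reference check for AWS policies and CloudWatch alarms (added example).

All sample data below is constructed for illustration. Real inventories would come
from API list calls; real policies from get_role_policy / get_key_policy and friends.
"""
import re
from typing import Any, Dict, Iterator, List, Optional, Set

ARN_RE = re.compile(
    r"^arn:aws:(?P<service>[a-z0-9-]+):(?P<region>[a-z0-9-]*):(?P<account>\d{12})?:(?P<resource>.+)$"
)
# IAM stores a deleted role/user principal as its unique ID rather than its ARN.
UNIQUE_ID_RE = re.compile(r"^(AROA|AIDA)[A-Z0-9]{16,}$")

Inventory = Dict[str, Set[str]]  # "s3" -> bucket names; any other service -> full ARNs


def iter_refs(node: Any) -> Iterator[str]:
    """Yield every ARN or bare principal unique ID found anywhere in a policy document."""
    if isinstance(node, str):
        if node.startswith("arn:aws:") or UNIQUE_ID_RE.match(node):
            yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_refs(value)


def check_ref(ref: str, inventory: Inventory) -> Optional[str]:
    """Return why `ref` is dangling, or None if it resolves or cannot be judged."""
    if UNIQUE_ID_RE.match(ref):
        return "principal was deleted; only its unique ID remains in the policy"
    m = ARN_RE.match(ref)
    if not m:
        return None
    service, resource = m.group("service"), m.group("resource")
    if service == "s3":
        bucket = resource.split("/", 1)[0]          # "bucket/key*" -> "bucket"
        if any(c in bucket for c in "*?"):
            return None                              # wildcard pattern, nothing concrete to resolve
        if bucket not in inventory.get("s3", set()):
            return f"bucket '{bucket}' does not exist; the name is globally reclaimable"
        return None
    known = inventory.get(service)
    if known is None or "*" in resource:
        return None                                  # no inventory for this service, or a pattern
    return None if ref in known else f"{service} resource does not exist"


def scan_policies(policies: Dict[str, dict], inventory: Inventory) -> List[dict]:
    findings = []
    for location, doc in policies.items():
        for ref in iter_refs(doc):
            reason = check_ref(ref, inventory)
            if reason:
                findings.append({"location": location, "ref": ref, "reason": reason})
    return findings


def scan_alarms(alarms: List[dict], inventory: Inventory) -> List[dict]:
    """An alarm whose action topic is gone still changes state, but nobody is paged."""
    findings = []
    for alarm in alarms:
        for ref in alarm.get("AlarmActions", []) + alarm.get("OKActions", []):
            reason = check_ref(ref, inventory)
            if reason:
                findings.append({"location": f"alarm:{alarm['AlarmName']}", "ref": ref, "reason": reason})
    return findings


# ---- constructed sample data (hypothetical account 123456789012) ----
INVENTORY: Inventory = {
    "s3": {"acme-prod-logs"},
    "sns": {"arn:aws:sns:us-east-1:123456789012:oncall"},
    "iam": {"arn:aws:iam::123456789012:role/DeployRole"},
}
POLICIES = {
    "iam-role:DataReaders/inline:ReadLogs": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": ["arn:aws:s3:::acme-prod-logs/*", "arn:aws:s3:::acme-legacy-exports/*"]},
        {"Effect": "Allow", "Action": "sns:Publish", "Resource": "arn:aws:sns:us-east-1:123456789012:oncall"},
    ]},
    "iam-role:DeployRole/trust": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "AROADBQP57FF2AEXAMPLE"}},
    ]},
    "kms-key:app-data/key-policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/RotateKeys"}},
    ]},
}
ALARMS = [
    {"AlarmName": "api-5xx", "AlarmActions": ["arn:aws:sns:us-east-1:123456789012:oncall"]},
    {"AlarmName": "db-cpu", "AlarmActions": ["arn:aws:sns:us-east-1:123456789012:dba-pager"]},
]


def run() -> List[dict]:
    return scan_policies(POLICIES, INVENTORY) + scan_alarms(ALARMS, INVENTORY)


if __name__ == "__main__":
    for f in run():
        print(f"{f['location']}: {f['ref']} -> {f['reason']}")
```

The scan deliberately refuses to judge what it has no inventory for (an `ec2` ARN here, or any wildcard pattern) rather than reporting it, so every finding it does emit is a concrete reference to a concrete missing thing. Against the sample data it reports the deleted export bucket, the unique-ID principal in the trust policy, the missing role in the key policy, and the alarm whose pager topic is gone.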
Opening excerpt (first ~120 words)
Bala Paranj, posted on Apr 28. Every scanner checks what exists. Nobody checks what's missing. #aws #security #cloud #devops. When cloud resources are deleted, the references to them persist — in IAM policies, event triggers, compute configs, and trust relationships. These orphaned references create exploitable gaps that no per-resource scanner can detect. The finding doesn't live on any single resource. It lives in the space between what's referenced and what exists.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV Community.