[AWS] Add boundary support

[Renizmy]

Hello,
In corporate environments, it is common to have boundary policies implemented. It could be interesting to be able to import them to be more "realistic"

Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

[christophetd]

Thanks for the suggestion!

To make sure I understand this properly, are you suggesting that we add a new attack technique related to permissions boundaries, or something else?

[Renizmy]

Something else, for example this scenario needs to create a new role. In corporate environnement, a common scenario is to restrict the creation of new role by importing a boundary

The main idea is to add an optional parameter to be able to import a boundary for creating this type of resources

[christophetd]

What do you mean by "import a boundary"?

[Renizmy]

Something like it: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role#permissions_boundary

[christophetd]

The current pre-requisites for Stratus Red Team indicate that you should run it as admin, in a sandbox. Documenting each and every permission required for each technique might be a valuable item, I'm going to track this in #555