What if you could maintain AWS access indefinitely without creating users or keys? Role chain juggling takes advantage of a built-in AWS behavior: when you use one assumed role to assume another, the credential expiration timer resets.

This means you can chain assume-role calls repeatedly to keep credentials fresh. You can even chain the same role to itself if the trust policy allows it, or find two roles that can assume each other and cycle between them.

https://hackingthe.cloud/aws/post_exploitation/role-chain-juggling/?mtm_campaign=social_mastodon