AWS CLI

Usefull commands - AWS CLI

Keep track of profiles

cat ~/.aws/credentials

Configure a named profile

aws configure --profile [profile-name]

configure — AWS CLI 2.32.3 Command Referencedocs.aws.amazon.com

aws configure set aws_access_key_id [key-id] --profile [profile-name]
aws configure set aws_secret_access_key [key-id] --profile [profile-name]
aws configure set aws_session_token [token] --profile [profile-name]
aws sts get-caller-identity --profile [profile-name]

$ export AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY_ID>
$ export AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
$ export AWS_SESSION_TOKEN=<AWS_SESSION_TOKEN>
$ aws configure

Configuring environment variables for the AWS CLI - AWS Command Line InterfaceAWS Command Line Interface

Information about configured identity

aws sts get-caller-identity --profile [profile-name]

get-caller-identity — AWS CLI 2.32.3 Command Referencedocs.aws.amazon.com

Account ID

aws sts get-access-key-info --access-key-id <access-key> --profile <profile>

Stored Credentials

Windows

C:\Users\UserName\.aws

Linux

/home/UserName/.aws

cat credentials

Enumeration - Users

aws iam list-users

# With profile
aws iam list-users --profile [profile-name]

List the IAM groups that the specified IAM user belongs to :

aws iam list-groups-for-user --user-name [user-name]

List all manages policies that are attached to the specified IAM user :

aws iam list-attached-user-policies --user-name [user-name]

# With profile
aws iam list-attached-user-policies --user-name [user-name] --profile [profile-name]

aws iam get-policy --policy-arn arn:aws:iam::427648302155:policy/Policy

aws iam get-policy-version --profile [☺profile] --policy-arn arn:aws:iam::427648302155:policy/Policy --version-id v1

Lists the names of the inline policies embedded in the specified IAM user :

aws iam list-user-policies --user-name [user-name]

Get policy

aws iam get-user-policy --user-name [user-name] --policy-name [policy-name]

Enumeration - Groups

IAM Groups

aws iam list-groups

All users in a group

aws iam get-group --group-name [group-name]

All managed policies that are attached to the specified IAM Group

aws iam list-attached-group-policies --group-name [group-name]

Names of the inline policies embedded in the specified IAM Group

aws iam list-group-policies --group-name [group-name]

Enumeration - Roles

List of IAM Roles

aws iam list-roles

All managed policies that are attached to the specified IAM role

aws iam list-attached-role-policies --role-name [ role-name]

Names of the inline policies embedded in the specified IAM role

aws iam list-role-policies --role-name [ role-name]

Enumeration - Policies

List of all iam policies

aws iam list-policies

Information about the specified managed policy

aws iam get-policy --policy-arn [policy-arn]

# With profile
aws iam get-policy --policy-arn [policy-arn] --profile [profile-name]

Information about the versions of the specified manages policy

aws iam list-policy-versions --policy-arn [policy-arn]

Information about the specified version of the specified managed policy

aws iam get-policy-version --policy-arn [policy-arn] --version-id [version-id]
# Example
aws iam get-policy-version --policy-arn arn:aws:iam::427648302155:policy/Policy --version-id v4

# With profile
aws iam get-policy-version --policy-arn [policy-arn] --version-id [version-id] --profile [profile-name]

One of the permissions is iam:CreatePolicyVersion ? Use this to create a new version of the attached policy with privileged access

aws iam create-policy-version --policy-arn [policy-arn] --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}' --set-as-default --profile [profile-name]

Specified inline policy document that is embedded on the specified IAM user / group / role

aws iam get-user-policy --user-name user-name --policy-name [policy-name]
aws iam get-group-policy --group-name group-name --policy-name [policy-name]
aws iam get-role-policy --role-name role-name --policy-name [policy-name]

Enumeration - Cloud Services (EC2, S3 etc.) in an Organization AWS Account

aws ec2 describe-instances --profile [profile-name]

aws ec2 describe-instances --filters Name=instance-state-name,Values=running --query 'Reservations[].Instances[].[Tags[?Key==`Name`].Value | [0],InstanceId,Platform,State.Name,PrivateIpAddress,PublicIpAddress,InstanceType,PublicDnsName,KeyName]'

This might not return any results if you aren't in the same region. -> Run pacu ec2__enum module

Enumeration - Get Bucket Policy

aws s3api get-bucket-policy --bucket [bucket-name]
# Example
# aws s3api get-bucket-policy --bucket hl-it-admin

DynamoDB

aws dynamodb list-tables

aws dynamodb describe-table --table [table-name]

CodeCommit

aws codecommit list-repositories

aws codecommit get-repository --repository-name [repo-name]

# List branches
aws codecommit list-branches --repository-name [repo-name]

# Get details
aws codecommit get-branch --repository-name [repo-name] --branch-name dev

# Get the parent commit
aws codecommit get-commit --repository-name [repo-name] --commit-id [commit-id]

# Find the files that changed between commits
aws codecommit get-differences --repository-name [repo-name] --before-commit-specifier [parent-id] --after-commit-specifier [commit-id]

# Download file
aws codecommit get-file --repository-name [repo-name] --commit-specifier [commit-id] --file-path [file-path]

Interesting Book

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Advanced Penetration Testing: Hacking AWS 2 This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment
Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud

PreviousRecon / Initial Access / Enum NextPacu

Last updated 6 months ago