AWS IAM Enumeration

Configure AWS cli

aws configure

OR configure it using a profile

aws configrue --profile EXAMPLE_NAME

The credential file is located in

~/.aws/credentials

Commands:

1) Listing IAM access keys

aws iam list-access-keys

Enumerating IAM users

1) Checking credentials for the user

aws sts get-caller-identity

2) Listing IAM users

aws iam list-users

3) Enumerate users and roles via S3 Bucket Policy

aws s3api put-bucket-policy --bucket iam-enum --policy file://s3_policy.json

4) Listing the IAM groups that the specified IAM user belongs to

aws iam list-groups-for-user --user-name USER_NAME

5) Listing all manages policies that are attached to the specified IAM user

aws iam list-attached-user-policies --user-name USER_NAME

6) Listing the names of the inline policies embedded in the specified IAM user

aws iam list-user-policies --user-name USER_NAME

Enumerating IAM groups

1) Listing IAM groups

aws iam list-groups

2) Listing all managed policies that are attached to the specified IAM Group

aws iam list-attached-group-policies --group-name GROUP_NAME

3) Listing the names of the inline policies embedded in the specified IAM Group

aws iam list-group-policies --group-name GROUP_NAME

Enumerating IAM Roles

1) Listing IAM roles

aws iam list-roles

2) Listing all managed policies that are attached to the specified IAM role

aws iam list-attached-role-policies --role-name ROLE_NAME

3) Listing the names of the inline policies embedded in the specified IAM role

aws iam list-role-policies --role-name ROLE_NAME

Enumerating IAM Policies

1) Listing of IAM policies

aws iam list-policies

2) Retrieving information about the specified managed policy

aws iam get-policy --policy-arn POLICY_ARN

3) Listing information about the versions of the specified manages policy

aws iam list-policy-versions --policy-arn POLICY_ARN

4) Retrieving information about the specific version of the specified managed policy

aws iam get-policy-version --policy-arn POLICY_ARN --version-id VERSION_ID

Retrieving the specified inline policy document that is embedded on the specified IAM user / group / role

aws iam get-user-policy --user-name USER_NAME --policy-name POLICY_NAME

aws iam get-group-policy --group-name GROUP_NAME --policy-name POLICY_NAME

aws iam get-role-policy --role-name ROLE_NAME --policy-name POLICY_NAME

PreviousAWS IAM Definition NextExploitation Scenario

Last updated 4 months ago

hashtagConfigure AWS cli

hashtagOR configure it using a profile

hashtagThe credential file is located in

hashtagCommands:

hashtag1) Listing IAM access keys

hashtagEnumerating IAM users

hashtag1) Checking credentials for the user

hashtag2) Listing IAM users

hashtag3) Enumerate users and roles via S3 Bucket Policy

hashtag4) Listing the IAM groups that the specified IAM user belongs to

hashtag5) Listing all manages policies that are attached to the specified IAM user

hashtag6) Listing the names of the inline policies embedded in the specified IAM user

hashtagEnumerating IAM groups

hashtag1) Listing IAM groups

hashtag2) Listing all managed policies that are attached to the specified IAM Group

hashtag3) Listing the names of the inline policies embedded in the specified IAM Group

hashtagEnumerating IAM Roles

hashtag1) Listing IAM roles

hashtag2) Listing all managed policies that are attached to the specified IAM role

hashtag3) Listing the names of the inline policies embedded in the specified IAM role

hashtagEnumerating IAM Policies

hashtag1) Listing of IAM policies

hashtag2) Retrieving information about the specified managed policy

hashtag3) Listing information about the versions of the specified manages policy

hashtag4) Retrieving information about the specific version of the specified managed policy

hashtagRetrieving the specified inline policy document that is embedded on the specified IAM user / group / role

Configure AWS cli

OR configure it using a profile

The credential file is located in

Commands:

1) Listing IAM access keys

Enumerating IAM users

1) Checking credentials for the user

2) Listing IAM users

3) Enumerate users and roles via S3 Bucket Policy

4) Listing the IAM groups that the specified IAM user belongs to

5) Listing all manages policies that are attached to the specified IAM user

6) Listing the names of the inline policies embedded in the specified IAM user

Enumerating IAM groups

1) Listing IAM groups

2) Listing all managed policies that are attached to the specified IAM Group

3) Listing the names of the inline policies embedded in the specified IAM Group

Enumerating IAM Roles

1) Listing IAM roles

2) Listing all managed policies that are attached to the specified IAM role

3) Listing the names of the inline policies embedded in the specified IAM role

Enumerating IAM Policies

1) Listing of IAM policies

2) Retrieving information about the specified managed policy

3) Listing information about the versions of the specified manages policy

4) Retrieving information about the specific version of the specified managed policy

Retrieving the specified inline policy document that is embedded on the specified IAM user / group / role