AWS

tip

You will have to specify the profile you want to use if it is not the default one with --profile=<profile_name>.
For some commands you will have to specify the region with --region <eu-west-2>.
These commands are not OpSec safe and will trigger GuardDuty alerts.

AWS Access

info

If you compromised AWS keys, you can find Directly edit ~/.aws/credentials or use the command below.

[profile_name]
aws_access_key_id = XXX
aws_secret_access_key = XXX
aws_session_token = optional 
region = optional

If you have the password of the root account go here: https://signin.aws.amazon.com/console.

For IAM accounts go here: https://<account_id>.signin.aws.amazon.com/console.

aws configure --profile <profile_name>

Check the credentials

aws sts get-caller-identity

IAM

Generic

aws iam list-users --no-paginate
aws iam list-groups
aws iam list-policies
aws iam list-roles
aws iam get-user
aws iam list-access-keys
aws iam get-account-password-policy

Based on a user

aws iam list-groups-for-user --user-name <user_name>
aws iam list-attached-user-policies --user-name <user_name>
aws iam list-user-policies --user-name <user_name>

Based on a group

aws iam list-attached-group-policies --group-name <group_name>
aws iam list-group-policies --group-name <group_name>

Based on a role

# List all managed policies that are attached to the specified IAM role
aws iam list-attached-role-policies --role-name <role_name>

# Listthe names of the inline policies embedded in the specified IAM role
aws iam list-role-policies --role-name <role_name>

Based on policies

aws iam get-policy --policy-arn <policy_arn>
aws iam get-user-policy --user-name user-name --policy-name <policy_name>
aws iam get-group-policy --group-name group-name --policy-name <policy_name>
aws iam get-role-policy --role-name role-name --policy-name <policy_name>

S3

aws s3 ls
aws s3 ls --recursive s3://<bucket_name>
aws s3 cp s3://<bucket_name>/<path/to/file> <path/to/file>
aws s3 cp <path/to/file> s3://<bucket_name>/<path/to/file>
aws s3 sync s3://<bucket_name>/ <path>

aws s3api get-bucket-acl --bucket <bucket_name>
aws s3api get-bucket-policy --bucket <bucket_name>

aws s3api list-objects --bucket <bucket_name>
aws s3api get-object-acl --bucket-name <bucket_name> --key <object_name>

EC2

aws ec2 describe-instances
aws ec2 describe-instance-status
aws ec2 describe-tags
aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-security-groups
aws ec2 describe-key-pairs
aws ec2 describe-images
aws ec2 describe-network-interfaces

RDS

aws rds describe-db-clusters
aws rds describe-db-instances
aws rds describe-db-snapshots
aws rds describe-db-cluster-snapshots

Elasticache

aws elasticache describe-cache-clusters
aws elasticache describe-replication-groups
aws elasticache describe-snapshots

Lambda

aws lambda list-functions
aws lambda list-layers
aws lambda list-event-source-mappings
aws lambda get-function --function-name <lambda_name>

CloudFront

aws cloudfront list-distributions

CloudWatch

aws cloudwatch describe-alarms

AWS Access​

Check the credentials​

IAM​

Generic​

Based on a user​

Based on a group​

Based on a role​

Based on policies​

S3​

EC2​

RDS​

Elasticache​

Lambda​

CloudFront​

CloudWatch​