AWS Security - S3cret Santa Tryhackme Walkthrough

Learn AWS cloud enumeration & security in this Advent of Cyber 2025 room. Master AWS IAM, CLI, S3 enumeration, cloud access, privilege discovery, and real-world AWS attack techniques. Perfect for beginners & cyber pros seeking hands-on AWS security practice. TryHackMe cloud security challenge.


Jawstar

12/24/2025, 3 min read

Learning Objectives

  • Learn the basics of AWS accounts.
  • Enumerate the privileges granted to an account, from an attacker's perspective.
  • Familiarise yourself with the AWS CLI.

Task 2: IAM: Users, Roles, Groups and Policies

IAM Overview

Amazon Web Services utilises the Identity and Access Management (IAM) service to manage users and their access to various resources, including the actions that can be performed against those resources. Therefore, it is crucial to ensure that the correct access is assigned to each user according to the requirements. Misconfiguring IAM has led to several high-profile security incidents in the past, giving attackers access to resources they were not supposed to access. Companies like Toyota, Accenture and Verizon have been victims of such attacks in the past, often exposing customer data or sensitive documents. Below, we will discuss the different aspects of IAM that can lead to sensitive data exposure if misconfigured.

IAM Users

A user represents a single identity in AWS. Each user has a set of credentials, such as passwords or access keys, that can be used to access resources. Furthermore, permissions can be granted at a user level, defining the level of access a user might have.

IAM Groups

Multiple users can be combined into a group. This can be done to ease the access management for multiple users. For example, in an organisation employing hundreds of thousands of people, there might be a handful of people who need write access to a certain database. Instead of granting access to each user individually, the admin can grant access to a group and add all users who require write access to that group. When a user no longer needs access, they can be removed from the group.

IAM Roles

An IAM Role is a temporary identity that can be assumed by a user, as well as by services or external accounts, to get certain permissions. Think of Sir Carrotbane, and how, depending on the battle ahead, he might need to assume the role of an attacker or a defender. When becoming an attacker, he will get permission to wield his shiny swords, but when assuming the role of a defender, he will instead get permission to carry a shield to better defend King Malhare.

IAM Policies

Access provided to any user, group or role is controlled through IAM policies. A policy is a JSON document that defines the following:
  • What action is allowed (Action)
  • On which resources (Resource)
  • Under which conditions (Condition)
  • For whom (Principal)

Task 3: Practical: Enumerating a User's Permissions

Commands To Follow Step By Step:

aws iam list-user-policies --user-name sir.carrotbane
aws iam list-attached-user-policies --user-name sir.carrotbane
aws iam list-groups-for-user --user-name sir.carrotbane
aws iam get-user-policy --policy-name POLICYNAME --user-name sir.carrotbane
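To make the policy structure from Task 2 and the output of get-user-policy concrete, here is an added Python example (not part of the original walkthrough or of the room) that flattens a policy document of that shape into individual grants, then flags wildcard allows and any role the identity may assume. The statements in the sample document are constructed for illustration; the user, policy name, account id and role name are the ones the room uses.

```python
import json

# Constructed sample in the shape `aws iam get-user-policy` returns. The
# statements are illustrative assumptions, not the room's real policy.
SAMPLE_GET_USER_POLICY = json.loads("""
{
  "UserName": "sir.carrotbane",
  "PolicyName": "SirCarrotbanePolicy",
  "PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {"Effect": "Allow",
       "Action": ["iam:ListUserPolicies", "iam:GetUserPolicy"],
       "Resource": "arn:aws:iam::123456789012:user/sir.carrotbane"},
      {"Effect": "Allow", "Action": "sts:AssumeRole",
       "Resource": "arn:aws:iam::123456789012:role/bucketmaster"},
      {"Effect": "Allow", "Action": "s3:*", "Resource": "*",
       "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
    ]
  }
}
""")


def _as_list(value):
    """IAM accepts either a string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def flatten_policy(policy_document):
    """One (effect, action, resource, has_condition) tuple per grant.
    NotAction / NotResource statements are not expanded here."""
    grants = []
    for stmt in _as_list(policy_document.get("Statement")):
        effect = stmt.get("Effect", "Deny")
        conditioned = "Condition" in stmt
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                grants.append((effect, action, resource, conditioned))
    return grants


def find_broad_grants(grants):
    """Allow statements with a wildcard action or resource need a closer look."""
    return [g for g in grants if g[0] == "Allow" and ("*" in g[1] or g[2] == "*")]


def assumable_roles(grants):
    """Roles this identity may assume: the next hop to enumerate."""
    return sorted(g[2] for g in grants
                  if g[0] == "Allow" and g[1] in ("sts:AssumeRole", "sts:*"))
```

Pipe the real CLI output into json.loads instead of the constructed sample to audit a live account; a Condition-bound wildcard still shows up as broad because the script does not evaluate conditions.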

Task 5: Grabbing a File from S3

What Is S3?

Amazon S3 stands for Simple Storage Service. It is an object storage service provided by Amazon Web Services that can store any type of object such as images, documents, logs and backup files. Companies often use S3 to store data for various reasons, such as reference images for their website, documents to be shared with clients, or files used by internal services for internal processing. Any object you store in S3 will be put into a "Bucket". You can think of a bucket as a directory where you can store files, but in the cloud.

Commands To Follow Step By Step:

aws s3api list-buckets
aws s3api list-objects --bucket easter-secrets-123145
aws s3api get-object --bucket easter-secrets-123145 --key cloud_password.txt cloud_password.txt
cat cloud_password.txt

Answer the questions below

Run aws sts get-caller-identity. What is the number shown for the "Account" parameter?
123456789012

What IAM component is used to describe the permissions to be assigned to a user or a group?
Policy

What is the name of the policy assigned to sir.carrotbane?
SirCarrotbanePolicy

Apart from GetObject and ListBucket, what other action can be taken by assuming the bucketmaster role?
ListAllMyBuckets

What are the contents of the cloud_password.txt file?
THM{more_like_sir_cloudbane}