AWS Pentesting Cheat Sheet (IAM)
Reference
Configure AWS Access & Secret Key
1
2
3
4
5
# Create profile.
aws configure --profile [name]
# Check whoami.
aws sts get-caller-identity --profile [name]
List IAM Uses
1
2
3
aws iam get-user --profile [name]
aws iam list-users --profile [name]
aws iam list-access-keys --profile [name]
Get User Permissions
List attached managed policies
1
aws iam list-attached-user-policies --user-name [user-name]
List inline policies
1
aws iam list-user-policies --user-name [user-name]
Get inline policy details
1
aws iam get-user-policy --user-name [user-name] --policy-name [policy-name]
List IAM Groups and Permissions
List groups
1
aws iam list-gtoups --profile [name]
List groups for a user
1
aws iam list-groups-for-user --user-name [user-name]
List group policies
1
2
aws iam list-attached-group-policies --group-name [group-name]
aws iam list-group-policies --group-name [group-name]
Get inline group policy details
1
aws iam get-group-policy --group-name [group-name] --policy-name [policy-name]
List IAM Roles and Permissions
List all roles
1
aws iam list-roles
Get role details (trust policy)
1
aws iam get-role --role-name [role-name]
List attached policies
1
aws iam list-attached-role-policies --role-name [role-name]
List inline policies
1
aws iam list-role-policies --role-name [role-name]
Get inline role policy details
1
aws iam get-role-policy --role-name [role-name] --policy-name [policy-name]
Get and Decode Policy Documents
Get a managed policy document (by ARN or name)
1
2
aws iam get-policy --policy-arn [policy-arn]
aws iam get-policy-version --policy-arn [policy-arn] --version-id [version-id]
View Full IAM Snapshot
Dump all IAM permissions (users, roles, groups, policies)
1
aws iam get-account-authorization-details
This post is licensed under
CC BY 4.0
by the author.