From 4032ccbcad59e244407781e17c79963943ad8c29 Mon Sep 17 00:00:00 2001 From: gurkenhabicht Date: Mon, 19 Feb 2024 18:44:03 +0100 Subject: [PATCH] added details about session token --- Enumeration/AWS.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/Enumeration/AWS.md b/Enumeration/AWS.md index 6b1b027..560a320 100644 --- a/Enumeration/AWS.md +++ b/Enumeration/AWS.md @@ -11,7 +11,9 @@ Watch out for the global and regional __Security Token Service__ (STS) which provides temporary access to third party identities, since regional STS are also valid in other regions. Global STS are only valid in default regions. -In aws cli, [Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions) got +In aws cli, +[Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions) +got the cli argument `--region` ## Identity Access Management (IAM) @@ -229,6 +231,12 @@ Add credentials to a profile which is not default via aws configure --profile PROFILENAME ``` +Set a session token for the profile + +```sh +aws configure --profile PROFILENAME set aws_session_token +``` + Sanity test a profile through checking its existance via ```sh @@ -345,6 +353,13 @@ Use aws cli to create a session token through STS. aws sts get-session-token ``` +If you want to set a profile for a principal that has only an session token use this aws cli commands. + +```sh +aws configure --profile PROFILENAME +aws configure --profile PROFILENAME set aws_session_token +``` + Token can be applied to a user as a second factor. If the user is provided by another federated entity through idP the MFA needs to be provided through this solution. 
@@ -898,9 +913,15 @@ aws ec2 run-instances --image-id --instance-type t3a.mic Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair. -#### EC2 & AutoScaling + Load Balancing +#### Elastic Loadbalancer (ELB) * The AutoScaling Group (ASG) scales down the oldest instance. * Only the Loadbalancer gets exposed, not the EC2 VMs. * A ELB can terminate the TLS session. * An Application ELB can have a WAF attached + +List available load-balancers via aws cli. + +```sh +aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text +```
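Review bot: In the first hunk (the `--region` paragraph, around `@@ -11,7`) the link anchor `#concepts-available-segions` is carried over unchanged and looks misspelled; the AWS docs section is, as far as I know, `#concepts-available-regions`, so please verify the fragment while you are rewrapping the line, otherwise the link lands at the top of the page instead of the Regions section. Minor: "got the cli argument `--region`" reads awkwardly; "is selected with the cli argument `--region`" would be clearer.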
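Review bot: In the second hunk (the new "Set a session token for the profile" block after `aws configure --profile PROFILENAME`) the command `aws configure --profile PROFILENAME set aws_session_token` is missing the value argument: `aws configure set` takes a variable name and a value, so as written it errors out instead of writing anything. Suggest `aws configure set aws_session_token SESSION_TOKEN --profile PROFILENAME`, and a short note that a session token is only usable together with the temporary access key id and secret access key it was issued with, so all three need to be set in the profile (`aws_access_key_id`, `aws_secret_access_key`, `aws_session_token`), otherwise requests are rejected or, worse, silently signed with the long-lived keys already in the profile.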
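Review bot: In the third hunk (the paragraph added after `aws sts get-session-token`) the same `aws configure --profile PROFILENAME set aws_session_token` command is repeated with the missing value argument; the second line should be `aws configure set aws_session_token SESSION_TOKEN --profile PROFILENAME`. The framing "a principal that has only an session token" is also misleading: `get-session-token` returns a temporary access key id, secret key and session token as a set, and the first `aws configure --profile PROFILENAME` call is where the temporary key id and secret are entered, so say that explicitly. Grammar: "an session token" should be "a session token", and "use this aws cli commands" should be "use these aws cli commands".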
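Review bot: In the last hunk (the ELB section) the JMESPath query `--query Loadbalancers[].DNSName` uses the wrong key case: the `describe-load-balancers` response key is `LoadBalancers`, and JMESPath is case-sensitive, so this prints nothing rather than the DNS names. Suggest `aws elbv2 describe-load-balancers --query 'LoadBalancers[].DNSName' --output text`, quoting the expression so the `[]` is not expanded by the shell. Also, renaming the heading from "EC2 & AutoScaling + Load Balancing" to "Elastic Loadbalancer (ELB)" leaves the first bullet about the AutoScaling Group scaling down the oldest instance under a heading that no longer mentions autoscaling; either keep autoscaling in the heading or move that bullet.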