added details about session token

This commit is contained in:
gurkenhabicht 2024-02-19 18:44:03 +01:00
parent 57dfce6400
commit 4032ccbcad
1 changed files with 23 additions and 2 deletions

@ -11,7 +11,9 @@ Watch out for the global and regional __Security Token Service__ (STS) which
provides temporary access to third party identities, since regional STS are provides temporary access to third party identities, since regional STS are
also valid in other regions. Global STS are only valid in default regions. also valid in other regions. Global STS are only valid in default regions.
In aws cli, [Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions) got In aws cli,
[Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions)
got
the cli argument `--region` the cli argument `--region`
## Identity Access Management (IAM) ## Identity Access Management (IAM)
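Review bot: the link fragment `#concepts-available-segions` in the reflowed Regions line looks like a typo for `#concepts-available-regions`; since this hunk already rewraps that exact line, fix the anchor here rather than leaving a broken deep link. The reflowed sentence also still ends without a period at `the cli argument \`--region\`` and runs directly into the `## Identity Access Management (IAM)` heading, so add the period and a blank line before the heading.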
@ -229,6 +231,12 @@ Add credentials to a profile which is not default via
aws configure --profile PROFILENAME aws configure --profile PROFILENAME
``` ```
Set a session token for the profile
```sh
aws configure --profile PROFILENAME set aws_session_token <sessionToken>
```
Sanity test a profile through checking its existance via Sanity test a profile through checking its existance via
```sh ```sh
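Review bot: the new `Set a session token for the profile` step is incomplete on its own: a session token is only accepted together with the temporary access key id and secret key that STS returned alongside it, so a profile that was filled with long-term keys by `aws configure --profile PROFILENAME` and then only gets `aws_session_token` added will send a mismatched credential set and be rejected. The text should say that `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token` must all be taken from the same `aws sts get-session-token` response, and the documented form of the command puts the subcommand before the profile option: `aws configure set aws_session_token <sessionToken> --profile PROFILENAME`. Minor: `existance` in the following context line should be `existence`.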
@ -345,6 +353,13 @@ Use aws cli to create a session token through STS.
aws sts get-session-token aws sts get-session-token
``` ```
If you want to set a profile for a principal that has only an session token use this aws cli commands.
```sh
aws configure --profile PROFILENAME
aws configure --profile PROFILENAME set aws_session_token <sessionToken>
```
Token can be applied to a user as a second factor. If the user is provided by another Token can be applied to a user as a second factor. If the user is provided by another
federated entity through idP the MFA needs to be provided federated entity through idP the MFA needs to be provided
through this solution. through this solution.
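Review bot: the added paragraph after `aws sts get-session-token` describes a principal that has "only" a session token, but STS never hands out a session token alone: it comes with a temporary access key id and secret key, and `aws configure --profile PROFILENAME` will interactively prompt for exactly those two values. Say that both prompts must be answered with the temporary values from the same `get-session-token` response as the `SessionToken`, otherwise the resulting profile is unusable. Minor: `an session token` should be `a session token`, `this aws cli commands` should be `these aws cli commands`, and the two-line block duplicates the `Set a session token for the profile` block added earlier in this same commit; a short cross-reference would avoid maintaining it twice.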
@ -898,9 +913,15 @@ aws ec2 run-instances --image-id <ImageIdOfGeneratedAMI> --instance-type t3a.mic
Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair. Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair.
#### EC2 & AutoScaling + Load Balancing #### Elastic Loadbalancer (ELB)
* The AutoScaling Group (ASG) scales down the oldest instance. * The AutoScaling Group (ASG) scales down the oldest instance.
* Only the Loadbalancer gets exposed, not the EC2 VMs. * Only the Loadbalancer gets exposed, not the EC2 VMs.
* A ELB can terminate the TLS session. * A ELB can terminate the TLS session.
* An Application ELB can have a WAF attached * An Application ELB can have a WAF attached
List available load-balancers via aws cli.
```sh
aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text
```
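Review bot: the JMESPath expression in the new command, `--query Loadbalancers[].DNSName`, uses the wrong key: `describe-load-balancers` returns its list under `LoadBalancers` (capital B) and JMESPath keys are case-sensitive, so the query as written matches nothing and prints an empty line. Use `--query 'LoadBalancers[].DNSName' --output text`; quoting the expression also stops the shell from expanding `[]` as a glob. Separately, the heading was renamed from `EC2 & AutoScaling + Load Balancing` to `Elastic Loadbalancer (ELB)`, but the first bullet, `The AutoScaling Group (ASG) scales down the oldest instance.`, is about ASG rather than ELB; either keep scaling in the heading or move that bullet to a scaling section. `A ELB` in the context lines should be `An ELB`.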