added details about session token

This commit is contained in:
gurkenhabicht 2024-02-19 18:44:03 +01:00
parent 57dfce6400
commit 4032ccbcad
1 changed files with 23 additions and 2 deletions


@ -11,7 +11,9 @@ Watch out for the global and regional __Security Token Service__ (STS) which
provides temporary access to third party identities, since regional STS are
also valid in other regions. Global STS are only valid in default regions.
In aws cli, [Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions) got
In aws cli,
[Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions)
got
the cli argument `--region`
## Identity Access Management (IAM)
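Review bot: the Regions link fragment still carries the typo `segions` (`#concepts-available-segions`) on both the removed and the added line; it should be `#concepts-available-regions`, otherwise the link opens the page but does not jump to the section. While reflowing, also consider tightening "got the cli argument `--region`" to "take the cli argument `--region`", since the line is now a sentence on its own.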
@ -229,6 +231,12 @@ Add credentials to a profile which is not default via
aws configure --profile PROFILENAME
```
Set a session token for the profile
```sh
aws configure --profile PROFILENAME set aws_session_token <sessionToken>
```
Sanity test a profile through checking its existance via
```sh
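Review bot: setting `aws_session_token` on its own does not give a working profile. STS temporary credentials are a triple, and `aws_access_key_id` and `aws_secret_access_key` in the same profile must be the temporary pair returned by the same STS call; a session token paired with long-term keys will not validate. Say so next to the snippet, and prefer the documented ordering `aws configure set aws_session_token <sessionToken> --profile PROFILENAME`. Unrelated but visible in the context: `existance` should be `existence`.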
@ -345,6 +353,13 @@ Use aws cli to create a session token through STS.
aws sts get-session-token
```
If you want to set a profile for a principal that has only an session token use this aws cli commands.
```sh
aws configure --profile PROFILENAME
aws configure --profile PROFILENAME set aws_session_token <sessionToken>
```
Token can be applied to a user as a second factor. If the user is provided by another
federated entity through idP the MFA needs to be provided
through this solution.
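Review bot: "a principal that has only an session token" is misleading, because `aws sts get-session-token` returns AccessKeyId, SecretAccessKey and SessionToken together, and the interactive `aws configure --profile PROFILENAME` prompt in the snippet has to be answered with that temporary key pair, not the long-term one; state that explicitly. Grammar: "an session token" should be "a session token" and "this aws cli commands" should be "these aws cli commands". It is also worth noting that the response carries an `Expiration`, after which the profile silently stops working.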
@ -898,9 +913,15 @@ aws ec2 run-instances --image-id <ImageIdOfGeneratedAMI> --instance-type t3a.mic
Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair.
#### EC2 & AutoScaling + Load Balancing
#### Elastic Loadbalancer (ELB)
* The AutoScaling Group (ASG) scales down the oldest instance.
* Only the Loadbalancer gets exposed, not the EC2 VMs.
* A ELB can terminate the TLS session.
* An Application ELB can have a WAF attached
List available load-balancers via aws cli.
```sh
aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text
```
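Review bot: the JMESPath expression in `--query Loadbalancers[].DNSName` is case-sensitive and the response key is `LoadBalancers`, so as written the command prints `None` instead of the DNS names; it should be `--query 'LoadBalancers[].DNSName'` (quoting it is safer against shell globbing). Structurally, `#### EC2 & AutoScaling + Load Balancing` is immediately followed by another `####` heading with no body, so either merge the two headings or demote `#### Elastic Loadbalancer (ELB)`. Minor: "A ELB" should be "An ELB".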