# AWS S3 Enumeration

## Usage

* [Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions)
* `--region`

### Simple Storage Service (S3)

* [S3](https://aws.amazon.com/s3/)
* Methods of access control are as follows
  * [Bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html)
  * [S3 ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/managing-acls.html)

* Scheme is
```sh
http://BUCKETNAME.s3.amazonaws.com/file.name
```
or
```sh
http://s3.amazonaws.com/BUCKETNAME/FILENAME.ext
```

* __List content of public bucket via__
```sh
aws s3 ls s3://BUCKETNAME/ --no-sign-request
```

* Download via `curl`, `wget` or the `s3` cli via
```sh
aws s3 cp s3://BUCKETNAME/foo_public.xml . --no-sign-request
```

#### ACL

* `Anyone`, just `curl`
* `AuthenticatedUsers`, `s3` cli with aws key

## IAM

* Not necessarily used by s3
* Access key ID, starts with `AKIA` + 20 chars
* Secret access key
* Session token, `ASIA` + sessionToken

* Add credentials to a profile via
```sh
aws configure --profile PROFILENAME
```

* Config and credentials are stored in `~/.aws`

* Sanity test the profile via
```sh
aws s3 ls --profile PROFILENAME
```

* Find the account ID belonging to an access key
```sh
aws sts get-access-key-info --access-key-id AKIAEXAMPLE
```

* Find the username belonging to an access key
```sh
aws sts get-caller-identity --profile PROFILENAME
```

* Listing EC2 instances of an account
```sh
aws ec2 describe-instances --output text --profile PROFILENAME
```

* In another region
```sh
aws ec2 describe-instances --output text --region us-east-1 --profile PROFILENAME
```

### AWS ARN

* The unique ID is created via the following scheme
```sh
arn:aws:SERVICE:REGION:ACCOUNT_ID:RESOURCE_TYPE/RESOURCE_NAME
```

### Secrets

```sh
aws secretsmanager help
aws secretsmanager list-secrets
aws secretsmanager get-secret-value --secret-id SECRET_ID --region REGION
```

## Check Permissions on S3 Bucket

* Send a `PUT` request to see whether the bucket is writable, i.e. accepts a file upload, via
```sh
curl -vvv -X PUT "$BUCKET_URL" --data "Test of write permissions"
```
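
The two ACL grantee classes named above (`Anyone` and `AuthenticatedUsers`) can also be checked from the bucket owner's side by reading the ACL itself. The following is an added example, not part of the original notes: the function name `audit_acl`, the severity labels and the sample ACL are constructed for illustration, and the input is assumed to be JSON in the shape printed by `aws s3api get-bucket-acl`.

```python
import json

# Group URIs S3 uses for the two public grantee classes from the ACL section.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# Permissions that let the grantee change bucket contents or the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(acl_json):
    """Return sorted (grantee, permission, severity) tuples for public grants."""
    acl = json.loads(acl_json)
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        label = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or label is None:
            continue  # canonical users and other groups are not public grants
        perm = grant.get("Permission", "")
        # Severity labels are this example's own convention (assumption).
        severity = "high" if perm in WRITE_LIKE else "medium"
        findings.append((label, perm, severity))
    return sorted(findings)


# Constructed sample ACL; owner ID and name are placeholders.
SAMPLE_ACL = json.dumps({
    "Owner": {"DisplayName": "example-owner", "ID": "EXAMPLEOWNERID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
    ],
})

if __name__ == "__main__":
    for grantee, perm, severity in audit_acl(SAMPLE_ACL):
        print(f"{severity:6} {grantee:18} {perm}")
```

A `READ` grant to `Anyone` corresponds to the unauthenticated listing shown earlier, and a `WRITE` grant corresponds to the bucket accepting the `PUT` test.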