# AWS S3 Enumeration ## Usage * [Regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-segions) * `--region` ### Simple Storage Service (S3) * [S3](https://aws.amazon.com/s3/) * Methods of access control are as follows * [Bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html) * [S3 ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/managing-acls.html) * Scheme is ```sh http://.s3.amazonaws.com/file.name ``` or ```sh http://s3.amazonaws.com/BUCKETNAME/FILENAME.ext ``` * __List content of public bucket via__ ```sh aws s3 ls s3:/// --no-sign-request ``` * Download via `curl`, `wget` or `s3` cli via ```sh aws s3 cp s3:///foo_public.xml . --no-sign-request ``` #### ACL * `Anyone`, just `curl` * `AuthenticatedUsers`, `s3` cli with aws key ## IAM * Not necessarily used by s3 * Access key ID, starts with `AKIA` + 20 chars * Secret access key * Session token, `ASIA` + sessionToken * Add credentials to profile via ```sh aws configure --profile PROFILENAME ``` * Config and credentials is stored at `~/.aws` * Sanity test profile via ```sh aws s3 ls --profile PROFILENAME ``` * Find account ID to an access key ```sh aws sts get-access-key-info --access-key-id AKIAEXAMPLE ``` * Find username to an access key ```sh aws sts get-caller-identity --profile PROFILENAME ``` * Listing EC2 instances of an account ```sh aws ec2 describe-instances --output text --profile PROFILENAME ``` * aws ec2 describe-instances --output text --profile PROFILENAME ```sh aws ec2 describe-instances --output text --profile PROFILENAME ``` * In another region ```sh aws ec2 describe-instances --output text --region us-east-1 --profile PROFILENAME ``` ### AWS ARN * Unique ID is create via the following scheme ```sh arn:aws::::/ ``` ### Secrets ```sh aws secretsmanager help aws secretsmanager list-secrets ws secretsmanager get-secret-value --secret-id --region ```