2.2 KiB
2.2 KiB
AWS S3 Enumeration
Usage
- Regions
--region
Simple Storage Service (S3)
-
Methods of access control are as follows
-
Scheme is
http://<bucketname>.s3.amazonaws.com/file.name
or
http://s3.amazonaws.com/BUCKETNAME/FILENAME.ext
- List content of public bucket via
aws s3 ls s3://<bucketname>/ --no-sign-request
- Download via
curl,wgetors3cli via
aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request
ACL
Anyone, justcurlAuthenticatedUsers,s3cli with aws key
IAM
-
Not necessarily used by s3
-
Access key ID, starts with
AKIA+ 20 chars -
Secret access key
-
Session token,
ASIA+ sessionToken -
Add credentials to profile via
aws configure --profile PROFILENAME
- Config and credentials is stored at
~/.aws - Sanity test profile via
aws s3 ls --profile PROFILENAME
- Find account ID to an access key
aws sts get-access-key-info --access-key-id AKIAEXAMPLE
- Find username to an access key
aws sts get-caller-identity --profile PROFILENAME
- Listing EC2 instances of an account
aws ec2 describe-instances --output text --profile PROFILENAME
- aws ec2 describe-instances --output text --profile PROFILENAME
aws ec2 describe-instances --output text --profile PROFILENAME
* In another region
aws ec2 describe-instances --output text --region us-east-1 --profile PROFILENAME
AWS ARN
- Unique ID is create via the following scheme
arn:aws:<service>:<region>:<account_id>:<resource_type>/<resource_name>
Secrets
aws secretsmanager help
aws secretsmanager list-secrets
ws secretsmanager get-secret-value --secret-id <Name> --region <region>
Check Permissions on S3 Bucket
- Do a
PUTmethod to see if the bucket may be writeable to upload a file via
curl -vvv -X PUT $BUCKET_URL --data "Test of write permissions"