GITBOOK-644: change request with no subject merged in GitBook

SUMMARY.md

@@ -31,6 +31,7 @@
 * [AWS Commands](cloud-aws/aws-commands.md)
 * [Enumeration](cloud-aws/enumeration.md)
 * [Public S3 Bucket Exploits](cloud-aws/public-s3-bucket-exploits.md)
+* [EC2](cloud-aws/ec2.md)
 
 ## Networking
 

cloud-aws/ec2.md

@@ -0,0 +1,81 @@
+# EC2
+
+
+
+## Connect to instance
+
+### Direct SSH or RDP
+
+Use a standard SSH or RDP connection to reach the instance.
+
+* Requires knowing the Elastic or Private IP of the machine
+* The Security Group associated with the instance must allow inbound SSH or RDP connections
+* The SSH or RDP service must be configured and running on the machine
+* Since the authentication procedure is managed directly on the instance, no AWS credentials or keys are needed
+
+### EC2 Connect
+
+A browser based shell leveraging temporary SSH keys as backed against IAM credentials. Can be accessed from the AWS dashboard or from the url below
+
+* Requires configuration of an agent on the target machine
+* In order to use this access method from a remote SSH Client, the SSH port must be reachable from the internet and the user must own valid IAM credentials
+
+Direct URL:
+
+```
+https:/<region>.console.aws.amazon.com/ec2-instance-connect/ssh?region=<region>&connType=standard&instanceId=<instance id>osUser=<ec2 user>&sshPort=22#/
+```
+
+### AWS SSM
+
+AWS Simple System Management allows to install a package or run a command on a Linux or Windows server. This service can also be used to obtain a shell on the EC2 instance using the AWS Systems Manager Session Manager service.
+
+* Requires configuration of an agent on the target machine
+* The EC2 instance must own the correct IAM permissions to enable this service
+* The user must own valid IAM user credentials to use this service
+* Does not require direct network access to the instance
+
+### **EC2 Serial Console**
+
+This method of authentication allows a user to authenticate on the EC2 instance only by knowing the host's username and password.
+
+* An administrator must enable the EC2 Serial Console for the whole region
+* Users on the instance must have a password defined, otherwise it will be impossible to login as them
+* Does not require valid IAM User credentials
+* Does not require direct network access to the EC2 instance
+
+## IMDS
+
+### Get instance information
+
+Get current role
+
+```
+curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ 
+```
+
+Get instance ID
+
+```
+curl -s http://169.254.169.254/latest/meta-data/instance-id
+```
+
+Get instance region
+
+```
+curl -s http://169.254.169.254/latest/meta-data/placement/region
+```
+
+### Enable IMDSv2
+
+Enable IMDv2 for current instance
+
+```
+aws ec2 modify-instance-metadata-options --instance-id <instance id> --http-tokens required --region <region>
+```
+
+One line command with required calls included
+
+```
+aws ec2 modify-instance-metadata-options --instance-id $(curl -s http://169.254.169.254/latest/meta-data/instance-id) --http-tokens required --region $(curl -s http://169.254.169.254/latest/meta-data/placement/region)
+```

cloud-aws/references.md

@@ -1,5 +1,30 @@
 # References
 
+## ARN Structure
+
+Generic structure
+
+```
+arn:partition:service:region:account-id:resource-id
+arn:partition:service:region:account-id:resource-type/resource-id
+arn:partition:service:region:account-id:resource-type:resource-id
+```
+
+* Partition: can be one of the following: `aws`, `aws-cn` (Chinese branch), `aws-us-gov` (US Gov restricted access)
+* Service
+* [Region](references.md#regions)
+* Account-id: account id of the resource owner
+* Resource-id: id code of the specified resource or service
+* Resource-type: some resource categories allow more granularity whensearching for a particular resource. For instance EC2 services can be subdivided into instances, images, security groups and so on
+
+## Regions
+
+<table><thead><tr><th width="239">Code</th><th>Name</th></tr></thead><tbody><tr><td>us-east-2</td><td>US East (Ohio)</td></tr><tr><td>us-east-1</td><td>US East (Virginia)</td></tr><tr><td>us-west-1</td><td>US West (N. California)</td></tr><tr><td>us-west-2</td><td>US West (Oregon)</td></tr><tr><td>ap-south-1</td><td>Asia Pacific (Mumbai)</td></tr><tr><td>ap-northeast-3</td><td>Asia Pacific (Osaka)</td></tr><tr><td>ap-northeast-2</td><td>Asia Pacific (Seoul)</td></tr><tr><td>ap-southeast-1</td><td>Asia Pacific (Singapore)</td></tr><tr><td>ap-southeast-2</td><td>Asia Pacific (Sydney)</td></tr><tr><td>ap-northeast-1</td><td>Asia Pacific (Tokyo)</td></tr><tr><td>ca-central-1</td><td>Canada (Central)</td></tr><tr><td>eu-central-1</td><td>Europe (Frankfurt)</td></tr><tr><td>eu-west-1</td><td>Europe (Ireland)</td></tr><tr><td>eu-west-2</td><td>Europe (London)</td></tr><tr><td>eu-west-3</td><td>Europe (Paris)</td></tr><tr><td>eu-north-1</td><td>Europe (Stockholm)</td></tr><tr><td>sa-east-1</td><td>South America (São Paulo)</td></tr></tbody></table>
+
+Opt-in regions
+
+<table><thead><tr><th width="240">Code</th><th>Name</th></tr></thead><tbody><tr><td>af-south-1</td><td>Africa (Cape Town)</td></tr><tr><td>ap-east-1</td><td>Asia Pacific (Hong Kong)</td></tr><tr><td>ap-south-2</td><td>Asia Pacific (Hyderabad)</td></tr><tr><td>ap-southeast-3</td><td>Asia Pacific (Jakarta)</td></tr><tr><td>ap-southeast-4</td><td>Asia Pacific (Melbourne)</td></tr><tr><td>ca-west-1</td><td>Canada West (Calgary)</td></tr><tr><td>eu-south-1</td><td>Europe (Milan)</td></tr><tr><td>eu-south-2</td><td>Europe (Spain)</td></tr><tr><td>eu-central-2</td><td>Europe (Zurich)</td></tr><tr><td>il-central-1</td><td>Israel (Tel Aviv)</td></tr><tr><td>me-south-1</td><td>Middle East (Bahrain)</td></tr><tr><td>me-central-1</td><td>Middle East (UAE)</td></tr></tbody></table>
+
 ## ID Prefixes
 
 | Prefix | Resource type                                                                                                                                                                                                         |