GITBOOK-642: change request with no subject merged in GitBook
fborsani authored and gitbook-bot committed Apr 27, 2024
1 parent 2042c31 commit 5b1946b
Showing 4 changed files with 104 additions and 17 deletions.
1 change: 1 addition & 0 deletions SUMMARY.md
Expand Up @@ -27,6 +27,7 @@
## Cloud - AWS

* [AWS Infrastructure](cloud-aws/aws-infrastructure.md)
* [References](cloud-aws/references.md)
* [AWS Commands](cloud-aws/aws-commands.md)
* [Enumeration](cloud-aws/enumeration.md)

85 changes: 72 additions & 13 deletions cloud-aws/aws-commands.md
@@ -1,39 +1,98 @@
# AWS Commands

## Access Control
## Authentication

### Accounts
### Access Key

Create account
Create Access Key

```
aws iam create-login-profile --user TryHackMe-IAM-User
aws iam create-access-key #for current user
aws iam create-access-key --user-name <user name>
```

Change password
Configure local variables

```
aws iam update-login-profile --user <IAM> --password '<password>'
export AWS_SECRET_ACCESS_KEY="<access key>"
export AWS_ACCESS_KEY_ID="<key id>"
```

### Granting access
Alternatively these variables can be configured by running the following command on the local machine

Set password for AWS Console Access. If not present the IAM User is not allowed to login to AWS Dashboard and use GUI based services
```
aws configure
```

### Session Token

Create Session Token

```
aws iam update-login-profile --user <IAM> --password '<password>'
aws sts get-session-token #for current user
aws sts get-session-token --user-name <user name>
```

Create Access Key
Configure local variables

```
aws iam create-access-key --user-name <user name>
export AWS_ACCESS_KEY_ID="<access key>"
export AWS_SECRET_ACCESS_KEY="<secret key>"
export AWS_SESSION_TOKEN="<session token>"
```

&#x20;Create Session Token
### Assume Role

#### Gain temporary access to a resource

CLI Command. The session name is arbitrary and is requested only for logging purposes.

```
aws sts assume-role --role-arn <role arn> --role-session-name <session name>
```

Obtain temporary access to ECS instance. To be executed within the target instance

```
curl 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
```

Generate temporary credentials for Cloudshell instance. To be executed within the Cloudshell session. These credentials can be used to grant access to the shell to other users or services.

```
curl $AWS_CONTAINER_CREDENTIALS_FULL_URI -H "X-aws-ec2-metadata-token: $AWS_CONTAINER_AUTHORIZATION_TOKEN"
```
aws sts get-session-token

After obtaining the credentials update the local environment

```
export AWS_ACCESS_KEY_ID="<access key>"
export AWS_SECRET_ACCESS_KEY="<secret key>"
export AWS_SESSION_TOKEN="<session token>"
```

## Access Control

### Accounts

Create account

```
aws iam create-login-profile --user <username>
```

Change password

```
aws iam update-login-profile --user <IAM> --password '<password>'
```

### Granting access

Set password for AWS Console Access. If not present the IAM User is not allowed to login to AWS Dashboard and use GUI based services

```
aws iam update-login-profile --user <IAM> --password '<password>'
```

### Manage Access Keys
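
Review bot: In the Session Token block, `aws sts get-session-token --user-name <user name>` passes an option that `get-session-token` does not have; the call always returns credentials for the identity that signs the request, and its options are `--duration-seconds`, `--serial-number` and `--token-code`. Drop that line or replace it with a variant that uses one of those options. In the first "Configure local variables" block the placeholders read `AWS_SECRET_ACCESS_KEY="<access key>"` and `AWS_ACCESS_KEY_ID="<key id>"`, while the later blocks use `<access key>` for the key ID and `<secret key>` for the secret; pick one naming and use it throughout. The login-profile commands pass `--user` where the access-key line uses `--user-name`, and `--password '<password>'` on the command line ends up in shell history, which deserves a short remark next to those commands.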
17 changes: 13 additions & 4 deletions cloud-aws/enumeration.md
Expand Up @@ -2,7 +2,15 @@

## Access Control

### Who am i?
### Who am I?

When logged in remotely using access keys

```
aws sts get-caller-identity
```

From Cloudshell

```
aws iam get-user
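
Review bot: The two labels under "Who am I?" suggest that `aws sts get-caller-identity` is only for access-key logins and `aws iam get-user` is the Cloudshell equivalent, but the real split is by credential type, not by where the shell runs. `get-caller-identity` needs no IAM permission and answers for users and role sessions alike, Cloudshell included, whereas `aws iam get-user` without `--user-name` only resolves when the caller is an IAM user. Consider listing `get-caller-identity` as the default and stating that limitation next to `get-user`.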
Expand Down Expand Up @@ -78,6 +86,7 @@ aws s3 ls

List content of bucket

<pre><code>aws s3 ls s3:&#x3C;bucket name> #root level
<strong>aws s3 ls s3:&#x3C;bucket name>/&#x3C;path>
</strong></code></pre>
```
aws s3 ls s3:<bucket name> #root level
aws s3 ls s3:<bucket name>/<path>
```
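
Review bot: Both lines in the new fenced block keep the `s3:<bucket name>` form from the old HTML block, which is not an S3 URI; the CLI expects `s3://<bucket name>` and `s3://<bucket name>/<path>`. Since this hunk already rewrites the block, correct the scheme in the same change.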
18 changes: 18 additions & 0 deletions cloud-aws/references.md
@@ -0,0 +1,18 @@
# References

## ID Prefixes

| Prefix | Resource type |
| ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ABIA | [AWS STS service bearer token](https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_credentials\_bearer.html) |
| ACCA | Context-specific credential |
| AGPA | User group |
| AIDA | IAM user |
| AIPA | Amazon EC2 instance profile |
| AKIA | Access key |
| ANPA | Managed policy |
| ANVA | Version in a managed policy |
| APKA | Public key |
| AROA | Role |
| ASCA | Certificate |
| ASIA | [Temporary (AWS STS) access key IDs](https://docs.aws.amazon.com/STS/latest/APIReference/API\_Credentials.html) use this prefix, but are unique only in combination with the secret access key and the session token. |
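
Review bot: The ID Prefixes table carries no link to the source of the prefix list, so on a page titled References readers cannot check it against the current AWS list; add the source (the unique identifiers section of the IAM User Guide) above the table. The ASIA row also puts a full sentence in the "Resource type" column; shorten the cell to "Temporary (AWS STS) access key" and move the uniqueness remark to a note below the table so the column stays narrow.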
