Abusing EC2 Instances
Unauthenticated
Google Dork
intitle:"index of" ec2 -aws
Instance Metadata
EC2 instance metadata is a service provided by Amazon Web Services (AWS) that lets an Amazon Elastic Compute Cloud (EC2) instance access information about itself: its configuration, attributes, and network settings. The service is reached over HTTP at the link-local address http://169.254.169.254/latest/, which only answers requests that originate from the instance itself.
Instance metadata includes the instance ID, instance type, public and private IP addresses, security group information, and other instance-specific details. It allows the instance to query and retrieve its characteristics and settings, which can be useful for configuring software, scripts, or applications running on the instance.
What are IAM Roles?
IAM roles in Amazon Web Services (AWS) are a way to grant permissions to AWS services or resources securely without the need for long-term access keys or credentials. IAM roles delegate permissions to AWS services, EC2 instances, Lambda functions, and other AWS entities.
Here are the key points to understand about IAM roles:
Delegated Permissions: IAM roles are created in IAM and define what permissions are allowed. Unlike IAM users, roles are not associated with a specific person or entity. Instead, they are assumed by AWS services or resources.
Trust Policy: Each IAM role has a trust policy that defines which AWS services or entities are allowed to assume the role. This policy specifies the trusted entities and conditions under which the role can be assumed.
Permissions Policies: Roles have one or more permissions policies attached to them. These policies define what actions can be performed and on which AWS resources. Permissions are granted through these policies.
Temporary Credentials: When a role is assumed by an AWS service or resource, it receives temporary security credentials in the form of an access key, secret key, and a session token. These temporary credentials are used to access other AWS resources and services.
Cross-Account Access: IAM roles can be used to grant permissions across AWS accounts. For example, you can create a role in one AWS account and allow another account to assume that role, granting it access to specific resources in the first account.
EC2 Instance Profiles: IAM roles are commonly used with Amazon EC2 instances to grant them permission to interact with AWS services. These roles are associated with EC2 instances through instance profiles, allowing applications running on the instance to make API calls to AWS services securely.
Least Privilege: It’s a best practice to assign the minimum required permissions to roles to follow the principle of least privilege. This ensures that roles only have access to the resources and actions necessary for their intended use.
Rotation: IAM roles can be rotated, just like access keys for IAM users. It’s important to regularly rotate role credentials for security.
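The trust policy and permissions policy points above are easiest to see on a concrete role. The following Python script is an added example, not code from the original page: it audits a role's trust policy (who may assume it) and permissions policy (what it may do) for the over-broad grants that violate least privilege. Both policy documents are constructed samples, and the finding rules are this script's own reading of least privilege, not an AWS-defined check.

```python
"""Audit an IAM role's trust policy and permissions policy for over-broad grants.

Added example (not from the original page): the two policy documents are
constructed samples, and the finding rules encode this script's own reading of
least privilege, not an AWS-defined check.
"""
import json

# Constructed sample trust policy for a role intended for an EC2 instance profile.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Expected: only the EC2 service may assume the role.
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        },
        {   # Over-broad: any principal in any AWS account may assume the role.
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "sts:AssumeRole",
        },
    ],
})

# Constructed sample permissions policy attached to the same role.
SAMPLE_PERMISSIONS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Scoped: read objects from one bucket only.
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-bucket/*",
        },
        {   # Over-broad: every action on every resource.
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*",
        },
    ],
})


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten the Principal element into (type, value) pairs."""
    principal = stmt.get("Principal")
    if principal == "*":
        return [("*", "*")]
    return [(ptype, v) for ptype, values in (principal or {}).items()
            for v in _as_list(values)]


def audit_trust_policy(document):
    """Return findings for Allow statements with an unconditioned wildcard principal."""
    findings = []
    for i, stmt in enumerate(json.loads(document)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for ptype, value in _principals(stmt):
            if value == "*" and "Condition" not in stmt:
                findings.append(f"trust[{i}]: principal {ptype}=* with no Condition")
    return findings


def audit_permissions_policy(document):
    """Return findings for Allow statements using wildcard actions or resources."""
    findings = []
    for i, stmt in enumerate(json.loads(document)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"perm[{i}]: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"perm[{i}]: wildcard resource")
    return findings


def audit_role(trust_document, permissions_document):
    """Combine both audits; an empty list means the role passed these checks."""
    return audit_trust_policy(trust_document) + audit_permissions_policy(permissions_document)


if __name__ == "__main__":
    for finding in audit_role(SAMPLE_TRUST_POLICY, SAMPLE_PERMISSIONS_POLICY):
        print(finding)
```

Run against the samples it reports the wildcard principal in the second trust statement and the wildcard action and resource in the second permissions statement, while the EC2 service principal and the bucket-scoped `s3:GetObject` grant pass. The same functions can be pointed at the JSON returned by `aws iam get-role` and `aws iam get-role-policy` for real roles.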
SSRF
http://169.254.169.254/latest/
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/{role-name}
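The GET above only works when the instance still accepts IMDSv1 requests. The following Python script is an added example, not code from the original page: it audits the metadata options of a fleet of instances for that condition and builds the AWS CLI command that enforces IMDSv2. The instance records are constructed samples in the shape of `aws ec2 describe-instances` output (only the fields the audit reads), and the finding codes are this script's own names.

```python
"""Audit EC2 instance metadata options and build the remediation command.

Added example (not from the original page): the instance records are
constructed samples in the shape returned by `aws ec2 describe-instances`
(only the fields this audit reads). The finding codes are this script's own.
"""

# Constructed sample: four instances with different metadata settings.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0constructed001",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0constructed002",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0constructed003",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0constructed004",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
]

# Finding codes (this script's own names).
IMDSV1_ALLOWED = "IMDSV1_ALLOWED"   # HttpTokens=optional: a plain GET is enough
HOP_LIMIT_GT_1 = "HOP_LIMIT_GT_1"   # token PUT response may cross a container/NAT hop


def audit_metadata_options(instance):
    """Return finding codes for one instance; an empty list means hardened or disabled."""
    opts = instance["MetadataOptions"]
    if opts.get("HttpEndpoint") == "disabled":
        return []   # no metadata service at all, nothing to reach over SSRF
    findings = []
    if opts.get("HttpTokens") != "required":
        findings.append(IMDSV1_ALLOWED)
    if opts.get("HttpPutResponseHopLimit", 1) > 1:
        findings.append(HOP_LIMIT_GT_1)
    return findings


def audit_fleet(instances):
    """Map instance id -> findings for every instance that has at least one."""
    result = {}
    for inst in instances:
        findings = audit_metadata_options(inst)
        if findings:
            result[inst["InstanceId"]] = findings
    return result


def remediation_command(instance_id):
    """Build the AWS CLI argv that enforces IMDSv2 and a hop limit of 1 on one instance."""
    return ["aws", "ec2", "modify-instance-metadata-options",
            "--instance-id", instance_id,
            "--http-tokens", "required",
            "--http-put-response-hop-limit", "1"]


if __name__ == "__main__":
    for instance_id, findings in audit_fleet(SAMPLE_INSTANCES).items():
        print(instance_id, findings)
        print("  fix:", " ".join(remediation_command(instance_id)))
```

With `HttpTokens` set to `required`, every metadata request must carry a session token that is first obtained with an HTTP PUT carrying the `X-aws-ec2-metadata-token-ttl-seconds` header; an SSRF that can only issue GETs cannot complete that exchange, so the credentials path stops returning anything. A hop limit of 1 keeps the PUT response from leaving the instance's own network stack, which matters for containers and NAT-style forwarders. Disabling the endpoint entirely (`HttpEndpoint=disabled`) also closes the path, but breaks every legitimate consumer of metadata on the instance, so requiring tokens is the usual fix.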