# AWS

- [AWS Offensive Security](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security.md): AWS offensive security tactics and techniques
- [AWS Attacks and Techniques](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques.md): Demonstrating various attacks that can be performed on AWS accounts and services
- [Data Poisoning - Bedrock Knowledge Base](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/data-poisoning-bedrock-knowledge-base.md): How to poison Amazon Bedrock Knowledge Base
- [Enumerate AWS Organization ID](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-organization-id.md): How to enumerate the AWS Organization ID
- [Enumerate AWS Account IDs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-account-ids.md): To maintain security, AWS Account IDs should be handled carefully, even though they are not deemed confidential. While they are not secrets, they can lead to exposure of sensitive resources or data.
- [Enumerate AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-iam-users.md): Exposure of AWS IAM usernames can further aid attackers' efforts to access an AWS account. Exposure leaves users vulnerable to attacks such as phishing and password spraying.
- [Enumerate (Unauthenticated) IAM Users and Roles](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-unauthenticated-iam-users-and-roles.md): Exploiting an AWS feature of the IAM Role Trust Policy allowing for unauthenticated enumeration of AWS IAM Users and Roles in AWS Accounts.
- [Enumerate AWS Public Resources](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-public-resources.md): Public resources like EBS and RDS snapshots or SSM Documents can lead to data and credential leaks.
- [Enumerate Secrets in AWS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-secrets-in-aws.md): Tips and tricks for discovering secrets in AWS
- [Generate AWS Console Session](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-aws-console-session.md): Get access to the AWS console with AWS access keys
- [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-iam-access-keys-from-cloudshell.md): Using an undocumented endpoint, we can leverage CloudShell from the AWS Console and create AWS Access Keys for the logged-on user.
- [Password Spraying AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/password-spraying-aws-iam-users.md): Performing password spray attacks against AWS console users can lead to successful credential validation and, in turn, access to the AWS user and AWS account.
- [Server Side Request Forgery (SSRF)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/server-side-request-forgery-ssrf.md): Server Side Request Forgery attacks can lead to the compromise of AWS EC2 IAM Roles
- [Subdomain Takeovers](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/subdomain-takeovers.md): Compromise a subdomain by taking over resources that no longer exist
- [AWS Defense Evasion](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion.md): Techniques attackers use to avoid detection
- [CloudTrail Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/cloudtrail-tampering.md): Techniques for avoiding CloudTrail detection
- [GuardDuty Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/guardduty-tampering.md): Techniques for avoiding and disabling GuardDuty detection
- [Undocumented AWS APIs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/undocumented-aws-apis.md): Techniques for avoiding CloudTrail detection
- [Nonproduction API Endpoints](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/nonproduction-api-endpoints.md): Techniques for avoiding CloudTrail detection
- [AWS Persistence](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence.md): Techniques threat actors use to maintain persistence in an AWS environment
- [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generate-iam-access-keys-from-cloudshell.md): AWS persistence technique
- [Creating IAM Access Keys](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/creating-iam-access-keys.md): AWS persistence technique
- [Backdoor an IAM Role](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/backdoor-an-iam-role.md): AWS persistence technique
- [Generating Temporary AWS Credentials from IAM User](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-aws-credentials-from-iam-user.md): AWS persistence technique
- [Generating Temporary Credentials from SSO Credentials File](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-credentials-from-sso-credentials-file.md): AWS persistence technique
- [AWS Privilege Escalation](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation.md): Leveraging AWS permissions for privilege escalation and compromise
- [EC2](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/ec2.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation
- [Elastic Container Registry (ECR)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/elastic-container-registry-ecr.md): Abusable Amazon ECR permissions that can lead to compromise or privilege escalation
- [Identity Access Management (IAM)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse.md): Abusable AWS IAM permissions that can lead to compromise or privilege escalation
- [IAM Trust Policies](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/attacks-techniques-and-tools.md): Abusable AWS IAM Trust Policies that can lead to compromise or privilege escalation
- [Key Management Service (KMS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-1.md): Abusable AWS KMS permissions that can lead to compromise or privilege escalation
- [Lightsail](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/lightsail.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation
- [OpenID Connect (OIDC)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/openid-connect-oidc.md): Abusing default or poorly configured Identity Provider IAM Trust Policies for privilege escalation
- [RDS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/rds.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation
- [S3](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-2.md): Abusable AWS S3 permissions that can lead to compromise or privilege escalation
- [Secrets Manager](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/secrets-manager.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation
- [Security Token Service (STS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/sts.md): Abusable AWS STS permissions that can lead to compromise or privilege escalation
- [AWS Defensive Security](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security.md): AWS defensive security tactics and techniques
- [AWS Organizations](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security/aws-organizations.md): Capabilities related to and enabled by AWS Organizations
- [Declarative Policies](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security/aws-organizations/declarative-policies.md): Centrally declare and enforce your desired configuration for a given AWS service at scale across an organization
- [AWS Incident Response](https://www.techwithtyler.dev/cloud-security/aws/aws-incident-response.md): Responding to AWS-related incidents
- [Compromised IAM Credentials](https://www.techwithtyler.dev/cloud-security/aws/aws-incident-response/compromised-iam-credentials.md): How to respond to compromised IAM Credentials
- [AWS Threat Matrix](https://www.techwithtyler.dev/cloud-security/aws/aws-threat-matrix.md): AWS attacks and techniques aligned to MITRE ATT&CK Matrix
- [AWS Services Info](https://www.techwithtyler.dev/cloud-security/aws/aws.md): General information about AWS and its services
- [AI / Machine Learning](https://www.techwithtyler.dev/cloud-security/aws/aws/ai-machine-learning.md): AWS AI and Machine Learning Related Services
- [Amazon Bedrock](https://www.techwithtyler.dev/cloud-security/aws/aws/ai-machine-learning/amazon-bedrock.md): Amazon Bedrock overview, attacks, and mitigations.
- [Compute](https://www.techwithtyler.dev/cloud-security/aws/aws/compute.md): AWS Compute-Related Services
- [EC2](https://www.techwithtyler.dev/cloud-security/aws/aws/compute/ec2.md): EC2 overview and attacks
- [Containers](https://www.techwithtyler.dev/cloud-security/aws/aws/containers.md): AWS Container-Related Services
- [Elastic Container Registry (ECR)](https://www.techwithtyler.dev/cloud-security/aws/aws/containers/elastic-container-registry-ecr.md): General information about Elastic Container Registry
- [Database](https://www.techwithtyler.dev/cloud-security/aws/aws/database.md): AWS Database-Related Services
- [RDS](https://www.techwithtyler.dev/cloud-security/aws/aws/database/rds.md): RDS overview
- [Security](https://www.techwithtyler.dev/cloud-security/aws/aws/security.md): AWS Security-Related Services
- [IAM](https://www.techwithtyler.dev/cloud-security/aws/aws/security/iam.md): IAM overview
- [KMS](https://www.techwithtyler.dev/cloud-security/aws/aws/security/kms.md): KMS overview and attacks
- [Serverless](https://www.techwithtyler.dev/cloud-security/aws/aws/serverless.md): AWS Serverless-Related Services
- [SNS Topic](https://www.techwithtyler.dev/cloud-security/aws/aws/serverless/sns-topic.md): SNS overview and attacks
- [Storage](https://www.techwithtyler.dev/cloud-security/aws/aws/storage.md): AWS Storage-Related Services
- [S3](https://www.techwithtyler.dev/cloud-security/aws/aws/storage/general-info.md): General information about AWS S3
- [AWS CLI Cheat Sheet](https://www.techwithtyler.dev/cloud-security/aws/cli-cheat-sheet.md): Quick reference for commonly used commands

