IAM - Persistence
How to maintain persistent aws access leveraging iam
AWS Access Keys
AWS IAM users can have up to 2 sets of access keys
Consider creating a second pair after compromising the first so that you have a backup if the first keys get burned
AWS Trust Policies
Consider accessing an IAM Role, which can function across AWS accounts
Even if you lose direct access to the target account, you can still assume the role from another account if you've modified the role's Trust Policy
AWS Vulnerable Trust Policies
Poorly written IAM policies can lead to unintended behavior
Consider this policy which allows the Lambda service from any AWS account to assume this role
Last updated