Beginner Friendly
Intro to AWS IAM Enumeration
Shields up! Identify the blast radius in this fun blue team scenario
Overview
We created this beginner-friendly lab to give an introduction to the AWS CLI as well as IAM user, role, group, and policy enumeration. This lab is good for red and blue teamers looking to gain familiarity with the AWS cloud!
Scenario
You are a security consultant hired by the global logistics company, Huge Logistics. Following suspicious activity, you are tasked with enumerating the IAM user dev01 and mapping out any potentially compromised resources. Your mission is to enumerate and evaluate IAM roles, policies, and permissions.
Lab prerequisites
Learning outcomes
- Familiarity with the AWS CLI
- Understanding of the basic AWS IAM components
- Ability to list, retrieve and interpret IAM policies
Real-world context
IAM (Identity and Access Management) is central to building, defending and attacking cloud services. Both offensive and defensive security practitioners need a solid understanding of IAM and how to enumerate permissions: attackers look for overly permissive settings or misconfigurations in a potential attack chain, while defenders need to enforce the principle of least privilege and identify any resources or services that are in the blast radius of a compromised IAM user.
Cloud Security Training To Protect Your Business
Pwned Labs for Business gives your team access to dedicated business content, including labs and cyber ranges.
We also offer in-person or remote workshops, and our cloud penetration services are helping businesses become more secure!