HackTricks Cloud

English - Ht Cloud

English - Ht Cloud Afrikaans - Ht Cloud Chinese - Ht Cloud Español - Ht Cloud Français - Ht Cloud German - Ht Cloud Greek - Ht Cloud Hindi - Ht Cloud Italian - Ht Cloud Japanese - Ht Cloud Korean - Ht Cloud Polish - Ht Cloud Português - Ht Cloud Serbian - Ht Cloud Swahili - Ht Cloud Turkish - Ht Cloud Ukranian - Ht Cloud

HackTricks Training Twitter Linkedin Sponsor

HackTricks Training Twitter Linkedin Sponsor

English - Ht Cloud

English - Ht Cloud Afrikaans - Ht Cloud Chinese - Ht Cloud Español - Ht Cloud Français - Ht Cloud German - Ht Cloud Greek - Ht Cloud Hindi - Ht Cloud Italian - Ht Cloud Japanese - Ht Cloud Korean - Ht Cloud Polish - Ht Cloud Português - Ht Cloud Serbian - Ht Cloud Swahili - Ht Cloud Turkish - Ht Cloud Ukranian - Ht Cloud

👽Welcome!
🏭Pentesting CI/CD
⛈️Pentesting Cloud
🛫Pentesting Network Services
- HackTricks Pentesting Network
- HackTricks Pentesting Services

Powered by GitBook

On this page

Was this helpful?

⛈️Pentesting Cloud

AWS Pentesting

AWS - Permissions for a Pentest

PreviousAWS - Federation Abuse NextAWS - Persistence

Last updated 5 days ago

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

These are the permissions you need on each AWS account you want to audit to be able to run all the proposed AWS audit tools:

The default policy arn:aws:iam::aws:policy/ReadOnlyAccess
To run aws_iam_review you also need the permissions:
- access-analyzer:List*
- access-analyzer:Get*
- iam:CreateServiceLinkedRole
- access-analyzer:CreateAnalyzer
  - Optional if the client generates the analyzers for you, but usually it's easier just to ask for this permission)
- access-analyzer:DeleteAnalyzer
  - Optional if the client removes the analyzers for you, but usually it's easier just to ask for this permission)

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.