AWS - Control Tower Enum
In summary, Control Tower is a service that lets you define policies for all the accounts inside your org. So instead of managing each of them individually, you can set policies from Control Tower that will be applied to them.
AWS Control Tower is a service provided by Amazon Web Services (AWS) that enables organizations to set up and govern a secure, compliant, multi-account environment in AWS.
AWS Control Tower provides a pre-defined set of best-practice blueprints that can be customized to meet specific organizational requirements. These blueprints include pre-configured AWS services and features, such as AWS Single Sign-On (SSO), AWS Config, AWS CloudTrail, and AWS Service Catalog.
With AWS Control Tower, administrators can quickly set up a multi-account environment that meets organizational requirements, such as security and compliance. The service provides a central dashboard to view and manage accounts and resources, and it also automates the provisioning of accounts, services, and policies.
In addition, AWS Control Tower provides guardrails, which are a set of pre-configured policies that ensure the environment remains compliant with organizational requirements. These policies can be customized to meet specific needs.
Overall, AWS Control Tower simplifies the process of setting up and managing a secure, compliant, multi-account environment in AWS, making it easier for organizations to focus on their core business objectives.
To enumerate Control Tower controls, you first need to have enumerated the org:
AWS - Organizations Enum
Control Tower can also use Account Factory to execute CloudFormation templates in accounts and run services (privesc, post-exploitation...) in those accounts.
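The enumeration order described above (organization first, then Control Tower controls) can be followed with boto3 by walking the OUs and listing the enabled controls on each OU ARN, which makes OUs with no controls stand out. This is an added example, not code from the original page; the function names and report layout are illustrative, and the two clients are passed in as arguments.

```python
"""Added example: list enabled Control Tower controls for every OU."""


def walk_ous(org, parent_id):
    """Yield every OU below parent_id, depth-first, following NextToken pages."""
    kwargs = {"ParentId": parent_id}
    while True:
        page = org.list_organizational_units_for_parent(**kwargs)
        for ou in page.get("OrganizationalUnits", []):
            yield ou
            yield from walk_ous(org, ou["Id"])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def enabled_controls(ct, ou_arn):
    """Return the control identifiers enabled on one OU (all pages)."""
    kwargs, found = {"targetIdentifier": ou_arn}, []
    while True:
        page = ct.list_enabled_controls(**kwargs)
        found += [c["controlIdentifier"] for c in page.get("enabledControls", [])]
        if not page.get("nextToken"):
            return found
        kwargs["nextToken"] = page["nextToken"]


def control_coverage(org, ct):
    """Map OU ARN -> {"name", "controls"}; an empty list means no enabled controls."""
    coverage = {}
    for root in org.list_roots()["Roots"]:
        for ou in walk_ous(org, root["Id"]):
            coverage[ou["Arn"]] = {"name": ou["Name"],
                                   "controls": enabled_controls(ct, ou["Arn"])}
    return coverage


if __name__ == "__main__":
    import boto3  # needs credentials that can read Organizations and Control Tower

    report = control_coverage(boto3.client("organizations"),
                              boto3.client("controltower"))
    for arn, ou in sorted(report.items(), key=lambda kv: kv[1]["name"]):
        print(f'{ou["name"]} ({arn}): {len(ou["controls"]) or "NO"} enabled controls')
        for ident in ou["controls"]:
            print(f"  {ident}")
```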