AWS - Step Functions Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Step Functions

AWS Step Functions ni huduma ya mchakato inayokuwezesha kuratibu na kuandaa huduma nyingi za AWS katika michakato isiyo na seva. Kwa kutumia AWS Step Functions, unaweza kubuni na kuendesha michakato inayounganisha huduma mbalimbali za AWS kama AWS Lambda, Amazon S3, Amazon DynamoDB, na nyingine nyingi, katika mfululizo wa hatua. Huduma hii ya uratibu inatoa kiolesura cha mchakato wa kuona na inatoa uwezo wa mashine ya hali, ikiruhusu kufafanua kila hatua ya mchakato kwa njia ya kutangaza kwa kutumia lugha ya Amazon States Language (ASL) inayotumia JSON.

Key concepts

Standard vs. Express Workflows

AWS Step Functions inatoa aina mbili za michakato ya mashine ya hali: Standard na Express.

Standard Workflow: Aina hii ya mchakato wa kawaida imeundwa kwa ajili ya michakato ya muda mrefu, ya kudumu, na inayoweza kukaguliwa. Inasaidia utendaji wa mara moja tu, kuhakikisha kazi zinafanyika mara moja tu isipokuwa ikiwa kurudiwa kunakubaliwa. Ni bora kwa michakato inayohitaji historia ya kina ya utendaji na inaweza kuendesha kwa muda wa hadi mwaka mmoja.
Express Workflow: Aina hii ni bora kwa kazi zenye kiasi kikubwa, za muda mfupi, zinazoendesha kwa muda wa hadi dakika tano. Zinasaidia utendaji wa angalau mara moja, zinazofaa kwa kazi zisizobadilika kama usindikaji wa data. Michakato hii imeboreshwa kwa gharama na utendaji, ikitoza kulingana na utendaji, muda, na matumizi ya kumbukumbu.

States

Hali ni vitengo muhimu vya mashine za hali. Zinabainisha hatua za kibinafsi ndani ya mchakato, zikiwa na uwezo wa kutekeleza kazi mbalimbali kulingana na aina yake:

Task: Inatekeleza kazi, mara nyingi ikitumia huduma ya AWS kama Lambda.
Choice: Inafanya maamuzi kulingana na ingizo.
Fail/Succeed: Inamaliza utendaji kwa kushindwa au kufanikiwa.
Pass: Inapitisha ingizo kwa pato au kuingiza data.
Wait: Inachelewesha utendaji kwa muda uliowekwa.
Parallel: Inaanzisha matawi ya sambamba.
Map: Inarudiarudia hatua kwa vitu.

Task

Hali ya Task inawakilisha kitengo kimoja cha kazi kinachotekelezwa na mashine ya hali. Kazi zinaweza kuita rasilimali mbalimbali, ikiwa ni pamoja na shughuli, kazi za Lambda, huduma za AWS, au APIs za wahusika wengine.

Activities: Wafanyakazi maalum unayoshughulikia, inayofaa kwa michakato ya muda mrefu.
Rasilimali: arn:aws:states:region:account:activity:name.
Lambda Functions: Inatekeleza kazi za AWS Lambda.
Rasilimali: arn:aws:lambda:region:account:function:function-name.
AWS Services: Inajumuisha moja kwa moja na huduma nyingine za AWS, kama DynamoDB au S3.
Rasilimali: arn:partition:states:region:account:servicename:APIname.
HTTP Task: Inaita APIs za wahusika wengine.
Uwanja wa rasilimali: arn:aws:states:::http:invoke. Kisha, unapaswa kutoa maelezo ya usanidi wa mwisho wa API, kama vile URL ya API, njia, na maelezo ya uthibitishaji.

Mfano ufuatao unaonyesha ufafanuzi wa hali ya Task inayokita kazi ya Lambda inayoitwa HelloWorld:

"HelloWorld": {
"Type": "Task",
"Resource": "arn:aws:states:::lambda:invoke",
"Parameters": {
"Payload.$": "$",
"FunctionName": "arn:aws:lambda:<region>:<account-id>:function:HelloWorld"
},
"End": true
}

Choice

A Choice state adds conditional logic to a workflow, enabling decisions based on input data. It evaluates the specified conditions and transitions to the corresponding state based on the results.

Comparison: Kila sheria ya uchaguzi inajumuisha opereta wa kulinganisha (e.g., NumericEquals, StringEquals) inayolinganisha kigezo cha ingizo na thamani iliyoainishwa au kigezo kingine.
Next Field: Mstates za uchaguzi hazisaidii uwanja wa End, badala yake, zinafafanua hali ya Next ili kuhamia ikiwa kulinganisha ni kweli.

Example of Choice state:

{
"Variable": "$.timeStamp",
"TimestampEquals": "2000-01-01T00:00:00Z",
"Next": "TimeState"
}

Fail/Succeed

A Fail state stops the execution of a state machine and marks it as a failure. It is used to specify an error name and a cause, providing details about the failure. This state is terminal, meaning it ends the execution flow.

A Succeed state stops the execution successfully. It is typically used to terminate the workflow when it completes successfully. This state does not require a Next field.

"FailState": {
"Type": "Fail",
"Error": "ErrorName",
"Cause": "Error details"
}

"SuccessState": {
"Type": "Succeed"
}

Pass

A Pass state inapitisha ingizo lake kwa pato lake bila kufanya kazi yoyote au kubadilisha ingizo la hali ya JSON kwa kutumia filters, na kisha kupeleka data iliyobadilishwa kwa hali inayofuata. Inasaidia katika kujaribu na kujenga mashine za hali, ikikuruhusu kuingiza data ya kudumu au kuibadilisha.

"PassState": {
"Type": "Pass",
"Result": {"key": "value"},
"ResultPath": "$.newField",
"Next": "NextState"
}

Wait

A Wait state inachelewesha utekelezaji wa mashine ya hali kwa muda maalum. Kuna mbinu tatu kuu za kuunda muda wa kusubiri:

X Sekunde: Nambari thabiti ya sekunde za kusubiri.

"WaitState": {
"Type": "Wait",
"Seconds": 10,
"Next": "NextState"
}

Wakati Halisi: Wakati sahihi wa kusubiri hadi.

"WaitState": {
"Type": "Wait",
"Timestamp": "2024-03-14T01:59:00Z",
"Next": "NextState"
}

Kusubiri Kitaalamu: Kulingana na ingizo kutumia SecondsPath au TimestampPath.

jsonCopiar código
"WaitState": {
"Type": "Wait",
"TimestampPath": "$.expirydate",
"Next": "NextState"
}

Parallel

A Parallel state inakuwezesha kutekeleza matawi mengi ya kazi kwa pamoja ndani ya mtiririko wako wa kazi. Kila tawi linafanya kazi kwa uhuru na linafanya mfululizo wake wa hali. Utekelezaji unasubiri hadi matawi yote yakamilike kabla ya kuendelea na hali inayofuata. Sehemu zake kuu ni:

Matawi: Safu inayofafanua njia za utekelezaji wa sambamba. Kila tawi ni mashine ya hali tofauti.
ResultPath: Inafafanua wapi (katika ingizo) kuweka matokeo yaliyojumuishwa ya matawi.
Retry and Catch: Mipangilio ya kushughulikia makosa kwa hali ya sambamba.

"ParallelState": {
"Type": "Parallel",
"Branches": [
{
"StartAt": "Task1",
"States": { ... }
},
{
"StartAt": "Task2",
"States": { ... }
}
],
"Next": "NextState"
}

Ramani

A Ramani hali inaruhusu utekelezaji wa seti ya hatua kwa kila kipengee katika dataset. Inatumika kwa usindikaji wa data kwa wakati mmoja. Kulingana na jinsi unavyotaka kusindika vipengee vya dataset, Step Functions inatoa njia zifuatazo:

Njia ya Ndani: Inatekeleza subset ya hali kwa kila kipengee cha JSON array. Inafaa kwa kazi ndogo zenye kurudi kwa wakati mmoja chini ya 40, ikikimbia kila moja katika muktadha wa workflow inayojumuisha hali ya Ramani.

"MapState": {
"Type": "Map",
"ItemsPath": "$.arrayItems",
"ItemProcessor": {
"ProcessorConfig": {
"Mode": "INLINE"
},
"StartAt": "AddState",
"States": {
"AddState": {
"Type": "Task",
"Resource": "arn:aws:states:::lambda:invoke",
"OutputPath": "$.Payload",
"Parameters": {
"FunctionName": "arn:aws:lambda:<region>:<account-id>:function:add-function"
},
"End": true
}
}
},
"End": true
"ResultPath": "$.detail.added",
"ItemsPath": "$.added"
}

Njia Iliyosambazwa: Imeundwa kwa ajili ya usindikaji wa wakati mmoja kwa kiwango kikubwa na ufanisi wa juu. Inasaidia usindikaji wa datasets kubwa, kama zile zilizohifadhiwa katika Amazon S3, ikiruhusu ufanisi wa juu wa hadi 10,000 ya utekelezaji wa watoto wa workflow, ikikimbia watoto hawa kama utekelezaji wa mtoto tofauti.

"DistributedMapState": {
"Type": "Map",
"ItemReader": {
"Resource": "arn:aws:states:::s3:getObject",
"Parameters": {
"Bucket": "my-bucket",
"Key": "data.csv"
}
},
"ItemProcessor": {
"ProcessorConfig": {
"Mode": "DISTRIBUTED",
"ExecutionType": "EXPRESS"
},
"StartAt": "ProcessItem",
"States": {
"ProcessItem": {
"Type": "Task",
"Resource": "arn:aws:lambda:region:account-id:function:my-function",
"End": true
}
}
},
"End": true
"ResultWriter": {
"Resource": "arn:aws:states:::s3:putObject",
"Parameters": {
"Bucket": "myOutputBucket",
"Prefix": "csvProcessJobs"
}
}
}

Matoleo na majina

Step Functions pia inakuwezesha kudhibiti utekelezaji wa workflow kupitia matoleo na majina ya mashine za hali. Toleo linawakilisha picha ya mashine ya hali ambayo inaweza kutekelezwa. Majina yanatumika kama viashiria kwa matoleo mawili ya mashine ya hali.

Matoleo: Picha hizi zisizoweza kubadilishwa za mashine ya hali zinaundwa kutoka kwa toleo la hivi karibuni la mashine hiyo ya hali. Kila toleo linatambulishwa na ARN ya kipekee inayounganisha ARN ya mashine ya hali na nambari ya toleo, iliyotenganishwa na koloni (arn:aws:states:region:account-id:stateMachine:StateMachineName:version-number). Matoleo hayawezi kuhaririwa, lakini unaweza kuboresha mashine ya hali na kuchapisha toleo jipya, au kutumia toleo la mashine ya hali unayotaka.
Majina: Viashiria hivi vinaweza kurejelea hadi matoleo mawili ya mashine moja ya hali. Majina mengi yanaweza kuundwa kwa mashine moja ya hali, kila moja ikitambulishwa na ARN ya kipekee iliyoundwa kwa kuunganisha ARN ya mashine ya hali na jina la jina, iliyotenganishwa na koloni (arn:aws:states:region:account-id:stateMachine:StateMachineName:aliasName). Majina yanaruhusu kuelekeza trafiki kati ya moja ya matoleo mawili ya mashine ya hali. Vinginevyo, jina linaweza kuelekeza kwenye toleo moja maalum la mashine ya hali, lakini si kwenye majina mengine. Yanweza kuboreshwa ili kuelekeza kwenye toleo tofauti la mashine ya hali kadri inavyohitajika, kurahisisha utekelezaji wa kudhibitiwa na usimamizi wa workflow.

Kwa maelezo zaidi kuhusu ASL, angalia: Lugha ya Jimbo la Amazon.

Majukumu ya IAM kwa Mashine za Hali

AWS Step Functions inatumia majukumu ya AWS Identity and Access Management (IAM) kudhibiti ufikiaji wa rasilimali na vitendo ndani ya mashine za hali. Hapa kuna vipengele muhimu vinavyohusiana na usalama na majukumu ya IAM katika AWS Step Functions:

Jukumu la Utekelezaji: Kila mashine ya hali katika AWS Step Functions inahusishwa na jukumu la IAM la utekelezaji. Jukumu hili linaeleza vitendo gani mashine ya hali inaweza kutekeleza kwa niaba yako. Wakati mashine ya hali inahamia kati ya hali zinazoshirikiana na huduma za AWS (kama vile kuita kazi za Lambda, kufikia DynamoDB, nk), inachukua jukumu hili la utekelezaji ili kutekeleza vitendo hivyo.
Ruhusa: Jukumu la utekelezaji la IAM lazima liwe limeundwa na ruhusa zinazoruhusu vitendo vinavyohitajika kwenye huduma nyingine za AWS. Kwa mfano, ikiwa mashine yako ya hali inahitaji kuita kazi za AWS Lambda, jukumu la IAM lazima liwe na ruhusa za lambda:InvokeFunction. Vivyo hivyo, ikiwa inahitaji kuandika kwenye DynamoDB, ruhusa zinazofaa (dynamodb:PutItem, dynamodb:UpdateItem, nk.) lazima zipewe.

Uainishaji

Sera ya ReadOnlyAccess inatosha kwa vitendo vyote vya uainishaji vifuatavyo.

# State machines #

## List state machines
aws stepfunctions list-state-machines
## Retrieve informatio about the specified state machine
aws stepfunctions describe-state-machine --state-machine-arn <value>

## List versions for the specified state machine
aws stepfunctions list-state-machine-versions --state-machine-arn <value>
## List aliases for the specified state machine
aws stepfunctions list-state-machine-aliases --state-machine-arn <value>
## Retrieve information about the specified state machine alias
aws stepfunctions describe-state-machine-alias --state-machine-alias-arn <value>

## List executions of a state machine
aws stepfunctions list-executions --state-machine-arn <value> [--status-filter <RUNNING | SUCCEEDED | FAILED | TIMED_OUT | ABORTED | PENDING_REDRIVE>] [--redrive-filter <REDRIVEN | NOT_REDRIVEN>]
## Retrieve information and relevant metadata about a state machine execution (output included)
aws stepfunctions describe-execution --execution-arn <value>
## Retrieve information about the state machine associated to the specified execution
aws stepfunctions describe-state-machine-for-execution --execution-arn <value>
## Retrieve the history of the specified execution as a list of events
aws stepfunctions get-execution-history --execution-arn <value> [--reverse-order | --no-reverse-order] [--include-execution-data | --no-include-execution-data]

## List tags for the specified step Functions resource
aws stepfunctions list-tags-for-resource --resource-arn <value>

## Validate the definition of a state machine without creating the resource
aws stepfunctions validate-state-machine-definition --definition <value> [--type <STANDARD | EXPRESS>]

# Activities #

## List existing activities
aws stepfunctions list-activities
## Retrieve information about the specified activity
aws stepfunctions describe-activity --activity-arn <value>

# Map Runs #

## List map runs of an execution
aws stepfunctions list-map-runs --execution-arn <value>
## Provide information about the configuration, progress and results of a Map Run
aws stepfunctions describe-map-run --map-run-arn <value>
## Lists executions of a Map Run
aws stepfunctions list-executions --map-run-arn <value> [--status-filter <RUNNING | SUCCEEDED | FAILED | TIMED_OUT | ABORTED | PENDING_REDRIVE>] [--redrive-filter <REDRIVEN | NOT_REDRIVEN>]

Privesc

Katika ukurasa ufuatao, unaweza kuangalia jinsi ya kudhulumu ruhusa za Step Functions ili kupandisha hadhi:

AWS - Step Functions Privesc

Post Exploitation

AWS - Step Functions Post Exploitation

Persistence

AWS - Step Functions Persistence

References

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAWS - S3, Athena & Glacier Enum NextAWS - STS Enum

Last updated 8 days ago