📣 Sponsor

Enabling Just-In-Time (JIT) Access for AWS S3 Buckets

Granting temporary access to your AWS S3 bucket can significantly enhance security and flexibility in sharing data and resources.

In this guide, we explore how to grant temporary access to an S3 bucket using AWS Identity and Access Management (IAM) policies and pre-signed URLs, ensuring a secure and flexible approach.

🥗 Appetizer

Hey folks,

I have to admit, I'm somewhat underwhelmed by the announcements at re:Invent 2023. It seems like there weren't any groundbreaking features or exciting developments this time around. Perhaps I've been in the industry too long and have become a bit jaded?

The highlights for me were the introduction of S3 Express OZ, the new AWS AI-powered TAM (Amazon Q, wait, Q like in James Bond? 🤵), and S3 Access Grants methods (yet another way to fail on security).

Hope you've recovered from your post re:Invent blues. Stay well, everyone.

What about you? What did you think of this year's event? Feel free to hit reply and share your thoughts.

Victor

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 48 (Large one due to re:Invent 🤢)

1. 🚩 AWSBackupFullAccess
2. AWSBackupServiceLinkedRolePolicyForBackup
3. 🚩 AWSBackupServiceRolePolicyForBackup
4. 🚩 AWSBackupServiceRolePolicyForRestores
5. 🚩 AWSCleanRoomsMLFullAccess
6. AWSCleanRoomsMLReadOnlyAccess
7. AWSElasticDisasterRecoveryAgentInstallationPolicy
8. AWSElasticDisasterRecoveryAgentPolicy
9. 🚩 AWSElasticDisasterRecoveryConsoleFullAccess_v2
10. AWSElasticDisasterRecoveryConversionServerPolicy
11. 🚩 AWSElasticDisasterRecoveryEc2InstancePolicy
12. AWSElasticDisasterRecoveryFailbackInstallationPolicy
13. AWSElasticDisasterRecoveryFailbackPolicy
14. AWSElasticDisasterRecoveryNetworkReplicationPolicy
15. 🚩 AWSElasticDisasterRecoveryReadOnlyAccess
16. 🚩 AWSElasticDisasterRecoveryRecoveryInstancePolicy
17. AWSElasticDisasterRecoveryReplicationServerPolicy
18. AWSElasticDisasterRecoveryServiceRolePolicy
19. 🚩 AWSElasticDisasterRecoveryStagingAccountPolicy
20. 🚩 AWSElasticDisasterRecoveryStagingAccountPolicy_v2
21. 🚩 AWSFaultInjectionSimulatorEC2Access
22. AWSFinSpaceServiceRolePolicy
23. AWSSecurityHubServiceRolePolicy
24. AWSServiceRoleForNeptuneGraphPolicy
25. AWSZonalAutoshiftPracticeRunSLRPolicy
26. AccessAnalyzerServiceRolePolicy
27. 🚩 AmazonConnectServiceLinkedRolePolicy
28. AmazonDataZoneDomainExecutionRolePolicy
29. AmazonDataZoneFullUserAccess
30. AmazonDetectiveInvestigatorAccess
31. AmazonEKSWorkerNodePolicy
32. AmazonElastiCacheFullAccess
33. 🚩 AmazonElasticFileSystemFullAccess
34. AmazonFSxConsoleFullAccess
35. AmazonFSxFullAccess
36. AmazonOneEnterpriseFullAccess
37. AmazonOneEnterpriseInstallerAccess
38. AmazonOneEnterpriseReadOnlyAccess
39. AmazonQFullAccess
40. 🚩 AmazonSageMakerCanvasAIServicesAccess
41. 🚩 AmazonSageMakerClusterInstanceRolePolicy
42. 🚩 AmazonSageMakerFullAccess
43. CloudTrailServiceRolePolicy
44. ElastiCacheServiceRolePolicy
45. IAMAccessAnalyzerReadOnlyAccess
46. 🚩 NeptuneConsoleFullAccess
47. 🚩 NeptuneGraphReadOnlyAccess
48. 🚩 ReadOnlyAccess

Weekly diff
🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🥣 Secret Sauce

Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

Are you red teaming an AWS environment? Be careful what operating system you use! Those IAM credentials you stole might get you caught.

Here's how: When you interact with the AWS API, a user-agent is sent in the request. This provides an opportunity for savvy defenders to catch lazy attackers. Why would IAM credentials for an EC2 instance suddenly start using a Mac user-agent? GuardDuty, AWS's own threat detection service, has a detection like this for common Penetration Testing Linux Distributions.

Avoid using Kali, Parrot, or Pentoo Linux to bypass this GuardDuty detection. To see the relevant part of the user-agent your operating system will report, you can run the following one liner:

​$ python3 -c "import platform; print(platform.system(), platform.release())"

Nick Frichette is a senior security researcher at Datadog where he specializes in AWS offensive security and vulnerability research. He has found numerous vulnerabilities in AWS services and is the creator of Hacking the Cloud, an open-source encyclopedia of cloud-focused offensive security techniques.