In this chapter, we covered some of the basics of the IAM service, such as IAM users, roles, and groups. We also looked at using IAM policies to restrict permissions within an environment, as well as IAM user access keys and the AWS CLI. Information on manually signing AWS HTTP requests was presented, also, for the rare occasion that you find it necessary.

These foundational topics will reappear again and again throughout this book, so it is important to get a strong grasp of the AWS IAM service. There are more features, intricacies, and details of the IAM service that we didn't cover in this chapter, but some of the more important ones will be discussed separately in other chapters of the book. The main reason for the content of this chapter is to provide a base of knowledge as you dive into the more advanced topics and services of AWS later on.

In the next chapter, we will look at using the AWS boto3 Python library with stolen access keys to enumerate our own permissions, as well as to escalate them all the way to an administrator! We will also cover Pacu, an AWS exploitation toolkit, which has already automated a lot of these attack processes and makes it easier to automate them yourself. Permission enumeration and privilege escalation are integral to AWS pentests, so get ready!