AWS offers a wide variety of services and they are constantly updating those services, along with releasing new ones. There are so many that it would be impossible to cover them all in this book, but this chapter aims to cover a few less mainstream services and how they can be abused for our benefit as an attacker.
It is important to note that every single AWS service has the potential for some sort of exploitation when looking at it like an attacker, and that just because it is not covered in this book, it doesn't mean you shouldn't investigate it. There are a variety of security problems that can arise in every service, so the best thing to do is to look at a service and determine how it would be used in the real world, then look for common mistakes, insecure defaults, or just bad practices that are followed to benefit yourself.
The four different services we will look at in this chapter include Route 53, a scalable DNS/domain management service; Simple Email Service (SES), a managed email service; CloudFormation, an infrastructure-as-code service; and Elastic Container Registry (ECR), a managed Docker container registry.
In this chapter, we will cover the following topics:
- Route 53
- SES
- CloudFormation
- ECR