Summary

When attacking an AWS environment, it is important to come up with a definitive list of the AWS services the target is using, as this allows you to formulate your attack plan better. Along with that, it is important to look at the configuration and setup deployed across all of these services to find misconfigurations and features to abuse and, hopefully, chain together to gain full access to the environment.

No service is too small to look at, as there are likely attack vectors across every single AWS service if you have the permissions to interact with them. This chapter aimed to show some attacks on some less common AWS services (compared to EC2, S3, and so on), and attempted to show that many services have policy documents that handle permissions in one way or another, such as SES identity policies or ECR repository policies. These services can all be abused in similar ways with misconfigured policies or by updating them ourselves.

In the next chapter, we will take a look at CloudTrail, which is the AWS central API logging service. We will look at how to securely configure your trails and how to go about attacking them as a pentester for information gathering and to avoid being logged while trying to stay under the radar.
