Summary

AWS pentesting is an extensive process that requires a wide variety of knowledge and dedication, and it really is a never-ending process. There are always new services and functionality being released by AWS, so there will always be new security checks and attacks for those services.

As a pentester, it is difficult to say you are truly done pentesting an AWS environment because of how massive and complicated such environments can be, so it is important to cover as many different services and attacks as possible, all while staying within the timeline you agreed upon with your client.

Every real-world pentest that you do will likely vary greatly from the previous one. With the size and complexity of AWS and its offerings, people will be doing things differently wherever you go, so it is important to never get comfortable and instead always expect to be learning, teaching, and succeeding.

We hope that what you have learned in this chapter about real-world AWS penetration testing can help you in your own work and move the entire AWS security community forward. We covered the initial pentest kickoff and unauthenticated plus authenticated reconnaissance, including enumeration of our permissions. Then, we moved on to escalating those permissions through IAM misconfigurations, where we then used our elevated access to establish a means of persistence in the environment. After our access was secured, we moved on to the general post-exploitation of AWS services, where all the real magic happens. Beyond that, we took a short look at how to go about identifying and aggregating compliance and best practice checks to provide a thorough, useful report to our clients.

AWS pentesting is a fun, complicated process that will only keep growing, so now we need you to get out there and contribute your knowledge and experience to create a safe AWS experience for all of its users.
