Acquiring AWS Credentials—Let Us Count the Ways
February 7, 2025
Will bad actors interested in poking around Amazon Web Services find the Wiz’s write up interesting? The answer is that the end of this blog post.
Cloud security firm Wiz shares an informative blog post: "The Many Ways to Obtain Credentials in AWS." It is a write-up that helps everyone: customers, Amazon, developers, cybersecurity workers, and even bad actors. We have not seen a similar write up about Telegram, however. Why publish such a guide to gaining IAM role and other AWS credentials? Why, to help guard against would- be hackers who might use these methods, of course.
Writer Scott Piper describes several services and features one might use to gain access: Certain AWS SDK credential providers; the Default Host Management Configuration; Systems Manager hybrid activation; the Internet of Things credentials provider; IAM Roles Anywhere; Cognito’s API, GetCredentialsForIdentity; and good old Datasync. The post concludes:
"There are many ways that compute services on AWS obtain their credentials and there are many features and services that have special credentials. This can result in a single EC2 having multiple IAM principals accessible from it. In order to detect attackers, we need to know the various ways they might attempt to obtain these credentials. This article has shown how this is not a simple problem and requires defenders to have just as much, if not more, expertise as attackers in credential access."
So true. Especially with handy cheat sheets like this one available online. Based in New York, New York, Wiz was founded in 2020.
Will bad actors find the Wiz’s post interesting? Answer: Yes but probably less interesting than a certain companion of Mr. Bezos’ fashion sense. But not by much.
Cynthia Murrell, February 7, 2025
Comments
Got something to say?
-
- Subscribe to Beyond Search
Feature archive
News archive
-
