From 6c40f6cac4ca5c1122559a95216c3641ad0f3159 Mon Sep 17 00:00:00 2001 From: Cyd Tseng Date: Thu, 13 Mar 2025 00:38:23 +0800 Subject: [PATCH] docs: minor grammar / spelling improvements for aws-basic-information --- .../aws-basic-information/README.md | 34 ++++++++----------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/src/pentesting-cloud/aws-security/aws-basic-information/README.md b/src/pentesting-cloud/aws-security/aws-basic-information/README.md index 2b43fa39c..e4037a4c8 100644 --- a/src/pentesting-cloud/aws-security/aws-basic-information/README.md +++ b/src/pentesting-cloud/aws-security/aws-basic-information/README.md @@ -8,7 +8,7 @@ ### Accounts -In AWS there is a **root account,** which is the **parent container for all the accounts** for your **organization**. However, you don't need to use that account to deploy resources, you can create **other accounts to separate different AWS** infrastructures between them. +In AWS, there is a **root account**, which is the **parent container for all the accounts** for your **organization**. However, you don't need to use that account to deploy resources, you can create **other accounts to separate different AWS** infrastructures between them. This is very interesting from a **security** point of view, as **one account won't be able to access resources from other account** (except bridges are specifically created), so this way you can create boundaries between deployments. 
@@ -228,7 +228,7 @@ A boundary is just a policy attached to a user which **indicates the maximum lev A session policy is a **policy set when a role is assumed** somehow. This will be like an **IAM boundary for that session**: This means that the session policy doesn't grant permissions but **restrict them to the ones indicated in the policy** (being the max permissions the ones the role has). -This is useful for **security meassures**: When an admin is going to assume a very privileged role he could restrict the permission to only the ones indicated in the session policy in case the session gets compromised. +This is useful for **security measures**: When an admin is going to assume a very privileged role he could restrict the permission to only the ones indicated in the session policy in case the session gets compromised. ```bash aws sts assume-role \ 
@@ -309,20 +309,20 @@ AWS Identity and Access Management (IAM) provides **fine-grained access control* In [**this page**](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) you can find the **IAM ID prefixe**d of keys depending on their nature: -| Identifier Code | Description | -| ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ABIA | [AWS STS service bearer token](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html) | +| Identifier Code | Description | +| --------------- | ----------------------------------------------------------------------------------------------------------- | +| ABIA | [AWS STS service bearer token](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html) | -| ACCA | Context-specific credential | -| AGPA | User group | -| AIDA | IAM user | -| AIPA | Amazon EC2 instance profile | -| AKIA | Access key | -| ANPA | Managed policy | -| ANVA | Version in a managed policy | -| APKA | Public key | -| AROA | Role | -| ASCA | Certificate | +| ACCA | Context-specific credential | +| AGPA | User group | +| AIDA | IAM user | +| AIPA | Amazon EC2 instance profile | +| AKIA | Access key | +| ANPA | Managed policy | +| ANVA | Version in a managed policy | +| APKA | Public key | +| AROA | Role | +| ASCA | Certificate | | ASIA | [Temporary (AWS STS) access key IDs](https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html) use this prefix, but are unique only in combination with the secret access key and the session token. | ### Recommended permissions to audit accounts 
@@ -386,7 +386,3 @@ If you are looking for something **similar** to this but for the **browser** you - [https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) {{#include ../../../banners/hacktricks-training.md}} - - - -
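Review bot: In the Accounts hunk (@@ -8,7 +8,7 @@), the rewritten line still has a comma splice at "to deploy resources, you can create". Since the line is already being touched for punctuation, split it there, for example "to deploy resources; you can create". The bold span on the same line also closes mid-phrase at "different AWS** infrastructures". The unchanged context line below it reads "from other account" and "except bridges are specifically created", which could be fixed in the same pass as "from another account" and "unless bridges are specifically created".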
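Review bot: In the session policy hunk (@@ -228,7 +228,7 @@), the corrected line fixes "meassures" but keeps "he could restrict the permission to only the ones indicated", where singular "permission" disagrees with "the ones". Suggest "they could restrict the permissions to only those indicated in the session policy". The context line just above has a matching agreement error in "doesn't grant permissions but **restrict them", which should read "restricts them".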
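Review bot: In the IAM ID table hunk (@@ -309,20 +309,20 @@), the intro line above the table is left as "the **IAM ID prefixe**d of keys", with the bold marker splitting a misspelled word. For a grammar and spelling commit this should become "the **IAM ID prefixes** of keys". The table rows change only in padding, and the unchanged ASIA row is far wider than the new separator, so the realignment does not line up the source columns. Either drop the whitespace-only changes or mention the table reformatting in the commit subject.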