# AWS - DataPipeline, CodePipeline & CodeCommit Enum

{% hint style="success" %}
Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}

## DataPipeline

AWS Data Pipeline is designed to facilitate the **access, transformation, and efficient transfer** of data at scale. It allows the following operations to be performed:

1. **Access Your Data Where It’s Stored**: Data residing in various AWS services can be accessed seamlessly.
2. **Transform and Process at Scale**: Large-scale data processing and transformation tasks are handled efficiently.
3. **Efficiently Transfer Results**: The processed data can be efficiently transferred to multiple AWS services including:
   * Amazon S3
   * Amazon RDS
   * Amazon DynamoDB
   * Amazon EMR

In essence, AWS Data Pipeline streamlines the movement and processing of data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.

### Enumeration

```bash
aws datapipeline list-pipelines
aws datapipeline describe-pipelines --pipeline-ids <pipeline-id>
aws datapipeline list-runs --pipeline-id <pipeline-id>
aws datapipeline get-pipeline-definition --pipeline-id <pipeline-id>
```

### Privesc

In the following page you can check how to **abuse datapipeline permissions to escalate privileges**:

{% content-ref url="../aws-privilege-escalation/aws-datapipeline-privesc.md" %}
[aws-datapipeline-privesc.md](../aws-privilege-escalation/aws-datapipeline-privesc.md)
{% endcontent-ref %}

## CodePipeline

AWS CodePipeline is a fully managed **continuous delivery service** that helps you **automate your release pipelines** for fast and reliable application and infrastructure updates. CodePipeline automates the **build, test, and deploy phases** of your release process every time there is a code change, based on the release model you define.

### Enumeration

```bash
aws codepipeline list-pipelines
aws codepipeline get-pipeline --name <pipeline-name>
aws codepipeline list-action-executions --pipeline-name <pipeline-name>
aws codepipeline list-pipeline-executions --pipeline-name <pipeline-name>
aws codepipeline list-webhooks
aws codepipeline get-pipeline-state --name <pipeline-name>
```

### Privesc

In the following page you can check how to **abuse codepipeline permissions to escalate privileges**:

{% content-ref url="../aws-privilege-escalation/aws-codepipeline-privesc.md" %}
[aws-codepipeline-privesc.md](../aws-privilege-escalation/aws-codepipeline-privesc.md)
{% endcontent-ref %}

## CodeCommit

CodeCommit is a **version control service**, hosted and fully managed by Amazon, that can be used to privately store data (documents, binary files, source code) and manage it in the cloud.

It **eliminates** the requirement for the user to know Git and **manage their own source control system** or worry about scaling up or down their infrastructure. CodeCommit supports all the standard **functionalities that can be found in Git**, which means it works effortlessly with the user’s current Git-based tools.

### Enumeration

```bash
# Repos
aws codecommit list-repositories
aws codecommit get-repository --repository-name <repo-name>
aws codecommit get-repository-triggers --repository-name <repo-name>
aws codecommit list-branches --repository-name <repo-name>
aws codecommit list-pull-requests --repository-name <repo-name>

# Approval rules
aws codecommit list-approval-rule-templates
aws codecommit get-approval-rule-template --approval-rule-template-name <template-name>
aws codecommit list-associated-approval-rule-templates-for-repository --repository-name <repo-name>

# Get & Put files
## Get a file
aws codecommit get-file --repository-name backend-api --file-path app.py
## Put a file
aws codecommit get-branch --repository-name backend-api --branch-name master
aws codecommit put-file --repository-name backend-api --branch-name master --file-content fileb://./app.py --file-path app.py --parent-commit-id <commit-id>

# SSH Keys & Clone repo
## Get codecommit keys
aws iam list-ssh-public-keys # User keys for CodeCommit
aws iam get-ssh-public-key --user-name <username> --ssh-public-key-id <ssh-public-key-id> --encoding SSH # Get public key with metadata
# The previous command will give you the fingerprint of the ssh key
# With the next command you can check the fingerprint of an ssh key and compare them
ssh-keygen -f .ssh/id_rsa -l -E md5

# Clone repo
git clone ssh://<ssh-public-key-id>@git-codecommit.<region>.amazonaws.com/v1/repos/<repo-name>
```

## References

* [https://docs.aws.amazon.com/whitepapers/latest/aws-overview/analytics.html](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/analytics.html)
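The fingerprint comparison from the "SSH Keys & Clone repo" commands above, as an added example that is not part of the original page: it computes the same colon-separated MD5 fingerprint that `ssh-keygen -l -E md5` prints and reports which IAM SSH key IDs have a matching local public key. It assumes the IAM `Fingerprint` field is that MD5 digest of the key blob; the key material, file names and key IDs below are constructed.

```python
import base64
import hashlib
import struct


def md5_fingerprint(pubkey_line):
    """Return the colon-separated MD5 fingerprint of an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match blob")
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Accept both the bare form and ssh-keygen's 'MD5:aa:bb:...' form."""
    fp = fp.strip().lower()
    return fp[4:] if fp.startswith("md5:") else fp


def match_iam_keys(iam_keys, local_pubkeys):
    """Map each IAM SSHPublicKeyId to the local key file with the same fingerprint, or None."""
    by_fp = {md5_fingerprint(line): name for name, line in local_pubkeys.items()}
    return {k["SSHPublicKeyId"]: by_fp.get(normalize(k["Fingerprint"])) for k in iam_keys}


def constructed_key(key_type, payload):
    """Build a syntactically valid but fake public key line (constructed sample data)."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + payload
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


# Constructed inputs: file names, key IDs and key material are all made up.
LOCAL_KEYS = {
    "id_rsa.pub": constructed_key("ssh-rsa", b"\x01" * 64),
    "id_ed25519.pub": constructed_key("ssh-ed25519", b"\x02" * 32),
}
IAM_KEYS = [  # only the two fields used here, named as in IAM's SSHPublicKey output
    {"SSHPublicKeyId": "APKACONSTRUCTED0001",
     "Fingerprint": md5_fingerprint(LOCAL_KEYS["id_rsa.pub"])},
    {"SSHPublicKeyId": "APKACONSTRUCTED0002", "Fingerprint": "00:" * 15 + "00"},
]

if __name__ == "__main__":
    for key_id, name in match_iam_keys(IAM_KEYS, LOCAL_KEYS).items():
        print(key_id, "->", name or "no local key with this fingerprint")
```

An IAM key ID that maps to no known local key is a candidate for review when auditing which SSH keys can reach CodeCommit repositories.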