hacktricks-cloud/src/pentesting-cloud/aws-security/aws-permissions-for-a-pentest.md
Carlos Polop 716aa06779 translate 2
2025-01-01 23:55:27 +01:00

AWS - Permissions for a Pentest

{{#include ../../banners/hacktricks-training.md}}

These are the permissions you need on each AWS account you want to audit to be able to run all the proposed AWS audit tools:

  • The default policy arn:aws:iam::aws:policy/ReadOnlyAccess
  • To run aws_iam_review you also need the permissions:
    • access-analyzer:List*
    • access-analyzer:Get*
    • iam:CreateServiceLinkedRole
    • access-analyzer:CreateAnalyzer
      • (Optional if the client generates the analyzers for you, but usually it's easier just to ask for this permission)
    • access-analyzer:DeleteAnalyzer
      • (Optional if the client removes the analyzers for you, but usually it's easier just to ask for this permission)
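
As an added example (not part of the original page or of the aws_iam_review project), the script below turns the list above into an attachable IAM policy document and checks whether a set of already-granted action patterns covers it, using IAM-style wildcard matching so that, for instance, `access-analyzer:*` is recognised as covering `access-analyzer:List*` while a single concrete action like `access-analyzer:ListAnalyzers` is not. The policy ARN and action names come from the page; the `Sid` value and the sample granted-action lists are constructed for illustration.

```python
import fnmatch
import json
from typing import Iterable, List

# Managed policy the page says every audited account needs.
READ_ONLY_POLICY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"

# Extra actions the page lists for aws_iam_review.
REQUIRED_ACTIONS = [
    "access-analyzer:List*",
    "access-analyzer:Get*",
    "iam:CreateServiceLinkedRole",
]
# The page marks these as optional when the client creates/removes the analyzers.
OPTIONAL_ACTIONS = [
    "access-analyzer:CreateAnalyzer",
    "access-analyzer:DeleteAnalyzer",
]


def build_policy(include_analyzer_lifecycle: bool = True) -> dict:
    """Return a customer-managed policy document with the extra actions.

    It is meant to be attached *alongside* ReadOnlyAccess, not instead of it.
    Resource is "*" because the Access Analyzer list/get calls and
    CreateServiceLinkedRole are account-wide operations for this use case.
    """
    actions = list(REQUIRED_ACTIONS)
    if include_analyzer_lifecycle:
        actions += OPTIONAL_ACTIONS
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AwsIamReviewExtras",  # constructed name
                "Effect": "Allow",
                "Action": actions,
                "Resource": "*",
            }
        ],
    }


def actions_in_policy(policy: dict) -> List[str]:
    """Collect Action entries from Allow statements (string or list form).

    Deny and NotAction statements are ignored: this helper answers
    "what does the document grant", not "what is the effective permission".
    """
    granted: List[str] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        action = stmt["Action"]
        granted.extend([action] if isinstance(action, str) else action)
    return granted


def action_allowed(action: str, granted: Iterable[str]) -> bool:
    """IAM-style match: case-insensitive, '*' and '?' wildcards in granted patterns."""
    target = action.lower()
    return any(fnmatch.fnmatchcase(target, pattern.lower()) for pattern in granted)


def missing_actions(needed: Iterable[str], granted: Iterable[str]) -> List[str]:
    """Return the needed entries that no granted pattern covers.

    A needed entry may itself be a wildcard (e.g. "access-analyzer:List*");
    it counts as covered only when a granted pattern matches it as a whole,
    so a broader wildcard covers it but a single concrete action does not.
    Wildcard-against-wildcard comparison is an approximation, not a full
    IAM policy evaluation.
    """
    granted = list(granted)
    return [n for n in needed if not action_allowed(n, granted)]


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    # Example: what a grant of only Get*/ListAnalyzers would still lack.
    partial = ["access-analyzer:ListAnalyzers", "access-analyzer:Get*"]
    print("missing:", missing_actions(REQUIRED_ACTIONS + OPTIONAL_ACTIONS, partial))
```

Save the printed document to a file and create and attach it with `aws iam create-policy --policy-name <name> --policy-document file://policy.json` and `aws iam attach-user-policy` (or `attach-role-policy`), then attach `arn:aws:iam::aws:policy/ReadOnlyAccess` the same way; pass `include_analyzer_lifecycle=False` when the client will manage the analyzers themselves.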

{{#include ../../banners/hacktricks-training.md}}