Skip to content

Commit

Permalink
GITBOOK-729: No subject
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop @gitbook-bot
carlospolop authored and gitbook-bot committed Dec 16, 2024
1 parent c3673d7 commit 557013d
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pentesting-cloud/aws-security/aws-permissions-for-a-pentest.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,14 @@ Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2) (1).png"
These are the permissions you need on each AWS account you want to audit to be able to run all the proposed AWS audit tools:

* The default policy **arn:aws:iam::aws:policy/**[**ReadOnlyAccess**](https://us-east-1.console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/ReadOnlyAccess)
* To run [aws\_iam\_review](https://github.com/carlospolop/aws_iam_review) you also need the permissions:
* **access-analyzer:List\***
* **access-analyzer:Get\***
* **iam:CreateServiceLinkedRole**
* **access-analyzer:CreateAnalyzer**
* Optional if the client generates the analyzers for you, but usually it's easier just to ask for this permission)
* **access-analyzer:DeleteAnalyzer**
* Optional if the client removes the analyzers for you, but usually it's easier just to ask for this permission)

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Expand Down

0 comments on commit 557013d

Please sign in to comment.